Block CBC
Hi there, I'm having a challenge on Blocking entirely the CBC cipher. The ciphers I'm using are: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305-SHA256 ECDHE-RSA-CHACHA20-POLY1305-SHA256 ECDHE-ECDSA-AES128-SHA256 The problem is that even the above ciphers are selected, the testing shows that the F5 can communicate with CBC. Any further configuration needed here Thank you A3Views0likes0CommentsPortal Access to HTTPS resources slow
Hey all, Wanted to reach out to see if anyone has dealt with Portal Access and performance issues for resources in the backend that use HTTPS. I'm on version 15.x, recently upgraded to v15.1.10.3, and the issue persists. I also have the iRule to patch issues with Chrome 122+. On the client-side, only HTTPS is permitted. If the backend app is allowed to use HTTP then it works well. But having backend traffic use HTTPS in some instances makes the app nearly unusable. And in the cases where the backend tries to enforce a http-to-https redirect effectively "blocks" the access. Trying to change a number of options has yielded little results. I do have a case open with F5 and captures provided. Thanks in advance... Josh Becigneul54Views0likes3CommentsHOW TO HIRE A HACKER TO RECOVER STOLEN BITCOIN. CONTACT FASTFUND RECOVERY
To be honest, whether lost bitcoin can be found or not depends on how it was lost and because of this, one needs a professional recovery expert like Fastfund Rcovery who will help you get back your lost bitcoin/funds. This Professional recovery Agent helped me recover my stolen 95,440 USD worth of bitcoin effortlessly. His service is not only quick but professional and reliable. I contacted Fastfund Recovery when I had invested in a fake crypto investment platform that cost me 95,440 USD Two months back. I saw an ad on Google on how one can invest on a certain investment platform and earn more and I thought the investment project was a great one that would yield me massive profit but I was wrong. I did invest because I had some cash saved for such an opportunity. I checked my account and I was glad that I indeed made a profit and now the problem came when it was time to withdraw the cash. I tried to withdraw the money for 3 days and that was when I discovered that I had to add more cash for the withdrawal. I promised myself I wouldn’t do this, and that’s when I contacted Fastfund Recovery. I discovered him through a positive review I saw and reached out to him via email. It was such a huge relief when he was able to recover my bitcoin funds. Contact his team today on: Fastfundrecovery8@gmail.com Telegram:@fastfundsrecovery website :fastfvndrecovery.com13Views0likes0Commentsrewrite Azure AD response for portal access via web portal
Hi All, I have a web portal where access to it is done via SAML authentication with AzureAD. I have a portal access called VIP_Maintenance configured on this we portal, the APP VIP_Maintenance is a web site on this web server (mywebserver.xyz.com) which also configured for SAML authentication. This web server hosts multiple web sites, so the one for VIP_Maintenance is (mywebserver.xyz.intra/azure). Other resource is /signin-wsfederation, this is where I should land after the successful authentication with Microsoft. So when I try to access to the web portal using my user name and password, F5 sends the request to AzureAD and I receive a code on my cell phone which I enter and access is granted. Now when I click on the portal access icon (VIP_maintenance), the web portal rewrites the request to this: https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/azure then I see my browser communicating with Microsoftonline for authentication and I see the reply from AzureAD like this: https://login.microsoftonline.com/007eae9f-b0c2-4137-a710-16d67a6568a1/wsfed?wtrealm=https%3A%2F%2Fvipmntc.test.intra%2F&wctx=WsFedOwinState%3DaQm7wom_iiDcspTp4F75-SNiAH6ulYFzgGdxezLukSK9-twIS0gTcgMY7dprTnf7OmROGo1XmkiLAbaVs4L8ISgubrF5FaUtbeIdn7ywnn0JvUYlwclAR1V3GwiWN9VkfNE5hThiW2bzM1tV1arZ6IahGZgjBiVVLSCn2BzTdFdu73Ck709An2sk1IVDfV-26FbvGHbUJyYjK-fnc5iiCw&wa=wsignin1.0&wreply=https%3A%2F%2Fvipmntc.test.intra%2Fsignin-wsfederation right after, the url changes to this: https:// mywebserver.xyz.intra/signin-wsfederation, and I get an error this this page cannot be reached which is understood as mywebserver.xyz.intra is not exposed to internet. Now, what I need to do is to make F5 rewrite the response from Microsoft in to this url: https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/ signin-wsfederation , instead of https:// mywebserver.xyz.intra/signin-wsfederation. Any Idea how I can achieve that? Your help is highly appreciated. regards,21Views0likes1CommentiRule resulting in too many redirects
I have two requirements with my virtual server. 1. A redirect to /pc/service/SSOLogin 2. 24 hour persistence based on the JSESSIONID cookie in the request header. The first one was accomplished early on with a policy that redirects to location '/pc/service/SSOLogin' at request time. This has worked without any issues until I tried to implement the JSESSIONID persistence. To accomplish the second, I created an iRule to be used with the Universal persistence profile. When I implemented this persistence profile, the redirect policy no longer worked. My assumption was that the iRule and the policy were conflicting with each other. To resolve this, I created a single iRule to handle both of these requirements. Now, I am getting too many redirects. The iRule is below. when HTTP_RESPONSE { ## PERSISTENCE # If the JSESSIONID exists, we'll pass the cookie along if { [HTTP::cookie exists "JSESSIONID"] } { persist add uie [HTTP::cookie "JSESSIONID"] 86400 } } when HTTP_REQUEST { ## PERSISTENCE # If the JSESSIONID exists, we'll maintain that persistence if { [HTTP::cookie exists "JSESSIONID"] } { persist uie [HTTP::cookie "JSESSIONID"] } ## REDIRECT # This grabs the base url from the incoming request # For Example, https://my.site.com/some/path the base_url is set to https://my.site.com set base_url "https://[HTTP::host]" # Defining the new path set new_path "/pc/service/SSOLogin" # Construct the new URL # For example, https://my.site.com/pc/service/SSOLogin set new_url "$base_url$new_path" # Redirect to the new URL HTTP::redirect $new_url }38Views0likes5CommentsWhat happens if I only enable ASM in BIG-IP Under System > Resource Provisioning
Hi; Let's say that I have a Big-IP device licensed for LTM and ASM. However, only the ASM module is enabled under System > Resource provisioning with a level of nominal. I know that in this case, you can have a pool of only one member, but just to double check my information, I want to ask this questions: Is my understanding above incorrect, and in this case, the system does load balance to multiple pool members, or I should enable the LTM module for this to happen? Kindly Wasfi21Views0likes1CommentMigration from i series 10200 with 1 child VCMP to r series 10900 series
Looking for a case study for Migration from i series 10200 with 1 child VCMP to r series 10900 series There is no document or data available for configuration conversion except one video on youtube about journey tool, if it is an official migration tool why there is no article or documentation available on f5 site, only a small article on github Can someone please helpSolved1.5KViews1like9CommentsWhat is the meaning is 52% block in WAF
Dear All Hope you all doing well. In the last couple of days when I checked the event one piece of info caught my eye which is request count 722 (52.3546% blocked). Most of the event shows 100% blocked but why it is not 100%? Can someone describe to me why it is not 100% why it is 52.3546? Waiting for someone's reply.26Views0likes2Comments