URL rewrite
I'm trying to figure out how to write a policy or iRule that will modify a URL For an example, a number of URLs (url1.mycompany.com, url2.mycompany.com, url3.mycompany.com, etc) point to a virtual server on our F5. I would like to create an iRule or Policy that will modify or rewrite the URL before routing the traffic to the nodes in the Pool to be (url1.ce2.mycompany.com, url2.ce2.mycompany.com, url3.ce2.mycompany.com, etc). In other words I need an iRule or policy that rewrites *.mycompany.com to *.ce2.mycompany.comSolved82Views0likes5CommentsRefresh "older" APM Policy?
Hey all, Was curious to hear anyone's opinions on at what point during the lifecycle of an APM policy (for instance, i have one that has roots in v11.5) should I consider building a fresh one? Similarly, is there any guidance on converting a policy to Modern templates? Thanks, Josh173Views0likes4CommentsASM block page for use with API waf policy
Hey all! I´ve setup a asm waf policy for a webservice that handels api calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the screen.. when it´s an api call the service just gets a <!DO (the first characters of the webpage) and a 200 OK. What I want to do I just return a 403 / 503 (or something like that) and just respond with the support ID in a header back to the source. I´ve got most of it figured out, except the header part... So... doesnt anyone know a good way for me to insert a support ID to a header response back to the client?Solved1.7KViews0likes17CommentsIs it possible to use the following Irule syntac with TCL in a policy ?
Hello, I've setup some code in an Irule . This concerns a code that will take the URI, within this uri, search for first directory in the path and put it tolower before sending it to the server. set uri [HTTP::uri] set block [lindex [split $uri /] 1] if { $block ne [string tolower $block]} { set block2 [string tolower $block] HTTP::uri [string map [list $block $block2] $uri] #log local0. "Rewrited part of the URI : $block2" #log local0. "URI Send to Back-end application : https://[HTTP::host][HTTP::uri]" } Is it possible to put this code in a TCL within a policy rule ? I need to replace the first directory of the URI (ie: "/APPLICATION/dir1/DIR2/index.html") to lowercase /application/dir1/DIR2/index.html ( the rest of the URI must stay intact, only /Application/ part must be set to lowercase. Thanks in advance. Regards Frédéric491Views1like2CommentsSecure Cookie when the VIP is requested by IP (not URL)
Hello. I have a VIP config where the pool member is the one handling the cookie to the client. The pool member has a limitation when the client access the VIP via IP (not URL), the cookie is served not secured. I created this iRule which one of the side effects is an increased in the CPU utilization. when HTTP_RESPONSE { set cookies [HTTP::cookie names] foreach aCookie $cookies { HTTP::cookie secure $aCookie enable } } Is this the most efficient way? Is there a way to use a policy vs an irule? Thank you J349Views0likes2CommentsWill auto policy builder handle wildcards parameters like PAR1, PAR2, PAR3 -> PAR?
Hello, I am currently building up a policy in manual mode. Due to the size of this application, it requires a fair bit of work to add all parameters to the policy. A lot of these parameters are in the following form; PAR1 PAR2 iPAR1 iPAR2 PAR3 PAR4 ... PAR11 ... Does the automatic policy builder correctly build wildcard parameters with the numbers as a wildcard? Thanks. Regards234Views0likes1CommentKeeping the original protocol in a policy
Hello, I am configuring a policy which will redirect to another URL keeping the original protocol (http or https) and URI. The URI is OK tcl:https://newURL.com[HTTP::uri] How I can do the protocol? If this is not possible, I guess I can have two rules/actions: one for http, one for https. Please comment Thank you Julio245Views0likes1CommentHTTP Policy
Hello, I am attempting to write an HTTP Policy that validate several aspects (HOST HEADER & URI) of a request before forwarding on to the default pool. When I had single values the policy was working great, now that I've add multiple values I no longer get the desired outcome. When I the apply URI check it begins to RESET all traffic. The check of /status and the HOST HEADER work without issue. Thanks! ltm policy /QA/API_SERVICES { controls { forwarding } requires { http } rules { ALLOWED_SERVICES { actions { 0 { log write message "DENIED ACCESS TO WEB SERVICE" } 1 { forward reset } } conditions { 0 { http-uri path not contains values { /favorites/ /users/ } //ONLY PERMIT IF URI CONTAINS ONE OF THESE VALUES } } ordinal 3 } DROP_STATUS_PAGES { actions { 0 { log write message "DENIED ACCESS TO STATUS PAGE" } 1 { forward reset } } conditions { 0 { http-uri path ends-with values { /status } //BLOCK ACCESS TO STATUS PAGES } } ordinal 2 } HOST_HEADER { actions { 0 { log write message "INCORRECT HOST HEADER" } 1 { forward reset } } conditions { 0 { http-host host not values { service1.domain1.ca service2.domain1.ca } //DOES THE HOST HEADER CONTAIN EITHER OF THESE VALUES } } ordinal 1 } } strategy /Common/first-match }224Views0likes1CommentPush Policy through REST or "tmsh -c" to 50 LBs
Hi! I am trying to push a (default) policy to all my 50 Lbs (running 12.1.4) where part of the rule is a location redirect value: tcl:https://[getfield [HTTP::host] ":" 1][HTTP::uri] I am having issues send the ":" Any suggestions? Thank you in advanced J273Views0likes1CommentAPM directing user flow based on LDAP query
Morning, What is the best way to address the following situation: APM VPE is a basic setup: Logon Page -> LDAP Query -> LDAP Auth -> SSO Cred Mapping -> Allow Complicated part comes with the LDAP Query branch rules. Aside from the state checks that I need to make, there is a variable I fetch that can have 3 states (0, 1, 2). Each of these states will have unique branches to direct the user to different locations. How do I tell APM to do this? Logon Page -> LDAP Query -> state=0 -> Not authorized -> back to front door (end point?) -> state=1 -> Undetermined state -> go to a specific location on a backend server -> state=2 -> Authorized -> go to default location (LTM default pool picks this up?) -> Allow I thought it was done with adding a "Pool Assign", but then I don't see a way to specify a specific location on the destinations web server to go to. (ie. http://webserver/a/b/c.html) Not clearly understanding which fires first, I have been thinking that maybe I should be using APM Policies or iRules to trigger the event to go to specific locations as well. Any advice would be appreciated. Thanks, -War353Views0likes4Comments