Monday, September 2, 2019

URL Base iRule, Traffic redirect -F5 networks

are you working on F5 devices ? iRule is basic need now a day.
business come up with multiple requirement, in order to meet sticky requirement, you have to write iRule.

Here is URL keyword base iRule, Many time business need traffic need to require base on URI.

Below is example,

Requirement, :- Need to redirect traffic base on URI keyword
suppose business url is "www.example.com", However business want to redirect traffic like "www.example.com/abc", "www.example.com/xyz" and all other  , need to redirect different set of application servers.

you need follow below step also need to write iRule

  • Create 3 different pool base on require set of severs and services
    • for "/abc" --> create pool "pool_abc"
    •  for "/xyz" --> create pool "pool_xyz"
    • for default traffic --> create pool "pool_default"
  •  Create 3 different pool base on require set of severs and services
  • create custom monitor else default monitor  bind with pool
  • create below iRule
  • create VIP and bind pool and rule
  • iRule
when HTTP_REQUEST {
    if {[HTTP::uri] start_with "abc"} {
      pool pool_abc
     }
    if {[HTTP::uri] start_with "xyz"} {
      pool pool_xyz
     }
     else {
      pool pool_default
     }
    }

#iRule #BeF5 #F5network #learning #F5blogger #Blogger #F5community #Trafficredirect #network #Networktraffic #Redirect
TechnoLearningBytes
LinkedIN

Monday, August 12, 2019

The IRule for SSH Handshake Logging

The IRule for SSH Handshake Logging

This iRule would help you get an insight on what protocols or ciphers your clients are using. In case if you are planning to disable the TLSv1.0 and 1.1 in your F5 for any Virtual It is highly recommended that you enable this script for a week and capture the list of client IP address who are using the weak ciphers and deprecated protocols.


when CLIENTSSL_HANDSHAKE {
if { ( [SSL::cipher version] equals "TLSv1" ) }
{
log local0. "DETECTED-TLSv1.0-CONNECTION - LOG_SSL_LEVEL - Client: [IP::client_addr] successfully negotiates [SSL::cipher version] - [SSL::cipher name] - [SSL::cipher bits] - For the VIP - [virtual name]"
}
elseif { ( [SSL::cipher version] equals "TLSv1.1" ) }
{
log local0. "DETECTED-TLSv1.1-CONNECTION - LOG_SSL_LEVEL - Client: [IP::client_addr] successfully negotiates [SSL::cipher version] - [SSL::cipher name] - [SSL::cipher bits] - For the VIP - [virtual name]"
}
}
#F5 #F5LTM #iRUle #TLS #cipher #SSL #Handshake #Knowledgesharing Techno Learning Bytes