Welcome to the A10 Networks Community! For any questions or concerns, please reach out to our admins.

aFleX

Communicate with A10 customers and engineers about aFleX scripting A10 Networks' Thunder® Application Delivery Controller (ADC).

Supporting multiple services selective client-ssl and server-ssl w/ single VIP
We have a need to support numerous services behind a single VIP. URL switching makes this fairly easy, however some sites use client-ssl, and other sites use client & server-ssl. What would an effecti…
SNI class-list
90 views
3 comments
0 point
Started by cgutierrez
Most recent by ctjepkes@a10networks.com
Nov 25, 2013
aFleX
Supporting two services on same VIP and Host Port
Hello, I have a server running two web based services, both on port 443. I'm using host headers to differentiate between the two. We have a need to add a second server for redundancy purposes. I'm cur…
26 views
1 comments
0 point
Started by sabourinj
Most recent by mischa
Nov 22, 2013
aFleX
Inserting the client certificate in a header
When you need the client certificate on the real server: when CLIENTSSL_CLIENTCERT { set cert [SSL::cert 0] session add ssl [SSL::sessionid] $cert}when HTTP_REQUEST { set cert [session lookup ssl [SSL…
323 views
2 comments
0 point
Started by mischa
Most recent by mischa
Oct 11, 2013
aFleX
Certificate Selection with Class-List (Alternative to SNI)
Server Name Indication is a feature in 2.7 that allows you to simplify your config by defining only one HTTPS VIP, but serving multiple certificates for different domains from this same VIP address. S…
607 views
0 point
Started by jon
Oct 11, 2013
aFleX
Sorry page based on number of users
In 2.7.0-P1 a new command has been introduced to aFleX persist size uie [global] If global is specified, the number of persistent entries in the entire partition is returned. This means you can for ex…
28 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Generating an empty gif
When you have a need for an empty gif to be generated. Unfortunately I am not able to post the actual code, but you can find it here: http://high5.nl/paste/view/93274853
27 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Block DNS queries with class-list
When you want to reject or drop queries to a certain domain. The class-list: class-list cl-dns string str .example.tld dropstr .example2.tld drop! The aFleX: when DNS_REQUEST {if {!([DNS::question nam…
129 views
3 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Form Authentication with class-lists
If you want to use aFleX for Authentication and have an external store for users. class-list passwords string str user1 d154c51df37bd33b29cec5aa51efd29f5a6a6f1e! when RULE_INIT { set ::AUTHENTICATED "…
20 views
2 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Drop certain DNS queries (ANY and RD)
When you don't want to allow certain DNS queries to be send to the DNS server. when RULE_INIT { set ::DEBUG 0}when DNS_REQUEST { if { $::DEBUG == 1 } { log "Question: name: [DNS::question name] - type…
74 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Basic HTTP Authentication w/ class-list
################################################# # # aFleX script to provide Basic HTTP Authentication # without the need for an external database. # # The class-list for authentication is called # "…
86 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Port translation for multiple hosts behind single VIP
################################################### aFleX script to provide API port translation.## Requires real servers en ports to be configured# and to be member of a service-group.# On the VIP it…
42 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Traffic Steering on Radius Attributes
################################################### aFleX script to provide Header Enrichment for# the purpose of policy based Traffic Steering. # # This comes in 2 parts.# 1) Script that is bound to …
159 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Smart LB to Caches v2
################################################### aFleX script for host based cache selection.## Contents of the array ::CACHEURLS needs to be in# the form:# "" ""## For example:# "youtube.com" "cac…
45 views
1 comments
0 point
Started by mischa
Most recent by mischa
Oct 9, 2013
aFleX
Log HTTP Status Codes (for Example 404)
A little irule which is helping me spotting errors while migrating configs to a10. when HTTP_REQUEST { set object "[HTTP::host][HTTP::path]" } when HTTP_RESPONSE { if { [HTTP::status] eq "404" } { log…
116 views
0 point
Started by daniel.neubacher@xing.com
Oct 8, 2013
aFleX
LB decisions based on SSL CA and Common Name
################################################### aFleX script to make decisions based on the CA# and Common Name of a Client Certificate.##################################################when RULE_…
29 views
0 point
Started by mischa
Oct 6, 2013
aFleX
TCP port redirect
Aloha, I was wondering how to implement a TCP::remote_port redirect, as we are not using Layer 7 on the A10s. Example-> client connection -> VIP :80 -> aFlex -> service_group :443 I see some examples …
75 views
1 comments
0 point
Started by eray
Most recent by dshin
Oct 5, 2013
aFleX
Drop or Reject the HTTP TRACE method
Recent Customer asked for a way to drop or reject the HTTP TRACE method for PCI compliance. Thanks to JonD here is a quick aFleX to do that. when HTTP_REQUEST { if { [HTTP::method] eq "TRACE"} { rejec…
CVE
40 views
0 point
Started by PhillipB
Sep 6, 2013
aFleX
Search and replace
I need a way to see if a uri contains || and then replace all places it does with !!. Example: http://foo.bar.com/u?e=83||l||0||email@gmail.com||http://foo.bar.com needs to redirect to http://foo.bar.…
5 views
0 point
Started by vosloco
Aug 20, 2013
aFleX
Forwarding Client IP in SMTP Header
Hey guys! I had a weird request regarding forwarding client IP's. We have our junkmail server's which currently are terminated directly to our old Cisco ACE load-balancer, and use the ACE as their def…
727 views
3 comments
0 point
Started by Evessal
Most recent by Evessal
Apr 3, 2013
aFleX
Conditional SNAT + aFleX rule
How to create an aFleX rule, where a connection started from a server_1 to the VIP can use the SNAT_1 IP address, and another connection started from another server_2 to the same VIP can use another S…
168 views
1 comments
0 point
Started by [Deleted User]
Most recent by [Deleted User]
Mar 15, 2013
aFleX
IP Based Authentication with pbslb
When you want to allow certain IPs to specific content. The PBSLB List: ! BWList10.0.0.1/32 110.10.10.10/32 1172.16.0.0/16 1 The aFleX: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/certain_url"…
89 views
0 point
Started by mischa
Jan 21, 2013
aFleX
dnsbl rule
Does anyone know if it is possible to apply an aflex rule to MX VIP and query a dns server and look for a specific response prior to allowing the traffic? F5 has a function that does this in irules. B…
37 views
3 comments
0 point
Started by [Deleted User]
Most recent by [Deleted User]
Jan 18, 2013
aFleX
AX Box Sending Email
Dears, Is there a way at which we can make the AX device sending email notifications upon failure of servers in the service group or upon negative health monitor results of the servers (server being m…
21 views
2 comments
0 point
Started by Hexen1988
Most recent by mischa
Jan 16, 2013
aFleX
Remove Accept-Encoding header
When you are not using compression in an HTTP template but you still want to get rid of the Accept-Encoding header. Or any other header. ;) when HTTP_REQUEST { if { [HTTP::header exists "Accept-Encodi…
34 views
0 point
Started by mischa
Jan 15, 2013
aFleX
Host based redirects with class-lists
In URI based redirect with class-lists I referred to new features in 2.7.0. The same can be done with Hostnames. The class-list: class-list cl-redirects string str a10networks.com https://a10networks.…
54 views
1 comments
0 point
Started by mischa
Most recent by [Deleted User]
Jan 15, 2013
aFleX
URI based redirect with class-lists
With the release of 2.7.0 it's possible to reference class-lists in aFleX and it's possible to store strings in a class-list. This combination simplifies the required aFleX needed as the lists of redi…
57 views
0 point
Started by mischa
Jan 15, 2013
aFleX
Form Authentication with aFleX
Quick and dirty way of form based authenticating users for specific URLs on a VIP. ### START ###when RULE_INIT { # List of users (with passwords) that are allowed to authenticate array set ::DOTPASSWD…
80 views
0 point
Started by mischa
Jan 15, 2013
aFleX
Basic Authentication with aFleX
Quick and dirty way of authenticating users for specific URLs on a VIP. ### START ### when RULE_INIT { # Set the REALM set ::REALM "Password Required" # List of URLs you need to authenticate for array…
164 views
0 point
Started by mischa
Jan 15, 2013
aFleX
aFlex and server-for-server backups
Posted by kberton I have 3 primary app servers and 3 backup servers in a SLB Service Group. Let's call them A1/B1/C1 and A2/B2/C2. In normal operations, all traffic will be LB'd to A1/B1/C1 and A2/B2/…
89 views
2 comments
0 point
Started by [Deleted User]
Most recent by kiran
Dec 18, 2012
aFleX
Wordpress SSL Issue
Good morning! I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpres…
X-Forwarded-Proto
518 views
6 comments
0 point
Started by Evessal
Most recent by Evessal
Oct 30, 2012
aFleX

Welcome to the A10 Community

aFleX

Discussion List