-
TCS Smart LB to caches
Posted by mischa Code: when RULE_INIT {set ::CACHEURLS [list "youtube.com" "googlevideo.com" "google.com" "facebook.com" "google.de" "apple.com" "fbcdn.net" "clipfish.de" "googlesyndication.com" "337.com" "aol.com" "bigfishgames.com" "bigpoint.net" "bild.de" "chip.de" "doubleclick.net" "computerbild.de" "dailymotion.com"…
-
Collect different info from different Webmail clients
My goal is to log different information from Webmail clients than from ActiveSync clients. It seems the most obvious way to distinguish the two clients is from the HTTP::URI. So I've written the following script, which sadly has an error somewhere in it; line 19 according to the A10. when HTTP_REQUEST { if { [HTTP::method]…
-
Persistence for http host url
Hello, I am new to the aFlex world. I have created a few rules myself, but I might need some help on this next rule... Basically what I want is to force persistence when visiting a particular site, for example s1.domain.com; I want it to go to the same back end where it last was, so I think the aflex rule would look like…
-
Geolocated redirect aFlex
Hi team, Just a quick message to advertise about a specific aFlex adaptation I had to do. The actual iR**le is defined as following: when HTTP_REQUEST { set url [string tolower [HTTP::host]] if {$url ne "es.sites.xxx.com"} { switch [whereis [IP::client_addr] country] { ES { HTTP::redirect http://es.xxx.com } IT {…
-
Allow a connection based on source IP to a URI
How would I allow a connection based on source IP (or several source IPs) to a URI? I know in the f5 I can just create data groups and do a class match, but I am not sure how to do it on the a10.
-
insert www
I have an aflex that inserts www if they come in without it and redirects to https://. It works fine if they come in on http, but does not work if they use https. The aflex is bound to both the 443 and the 80. http://xyzsite.com (works) https://xyzsite.com (does not work) when HTTP_REQUEST { if {[HTTP::host] starts_with…
-
Setting a Cookie with Secure and HTTPOnly
Posted by TODDH We are in the process of going through some compliance audits, and the cookies that the load balancers use to return packets to specific servers can contain the “secure” attribute but we don’t have a way to include the “httponly” attribute. Is there a way with an aFlex to set both? Thanks, -Todd-
-
cookie encryption
I am working on an aflex to encrypt the value of a cookie when sending it to the client, and decrypting it when sending it to the server. Is there a way to improve the b64encode security? IOW, how do I get better encryption of the cookie? Here is what I have so far: when HTTP_RESPONSE {set decrypted [HTTP::cookie…
-
Switching Service Group based on VLAN Tag
What's the best way to create an aFleX that directs users coming in on a specific VLAN to a specific service group? For example, VLAN 2 would direct to service group SG2 and VLAN 3 would direct to service group SG3, and so on. There could be quite a number of VLAN to service group matches, so the most efficient aFleX…
-
Health Monitor - SASP, SOAP, WMI and RPC
Posted by danguijun Good day guys, Is there a way to create separate Health monitors through aFleX to monitor the following protocols on real servers? - SASP (Server/Application State Protocol); - SOAP (Simple Object Access Protocol); - WMI (Windows Management Instrumentation); - RPC (Remote Procedure Call) I don't have a…
-
URL Switching / Stripping with aFleX and Switch
Posted by mischa Code:…
-
url or host switching based on source-ip
Posted by pwidman I have a customer whose commercial requirement is to ensure only specific networks (clients) access a host or URL. Today they are using an IRULE with a class-list to call out the networks that should be matched for a particular host. An example IRULE of what they have is pasted below when HTTP_REQUEST {…
-
exchange 2010 aflex
Posted by brunov I would like to use a single virtual ip address for exchange access and still be able to use cookie persistence for owa and ews, rewrite the owa uri, and be able to split my services later by sending them to different service groups. Do you see any issues with the following aflex? Code: when HTTP_REQUEST…
-
ACL based on L2 or L3 headers
Posted by danguijun Good day Folks, Is there a way to create an aFleX to behave like an ACL on AX to permit / drop / pool traffic based on the following parameters? - Source MAC address - Destination MAC address - Protocol type (e.g. TCP, GRE, etc.) The latter (protocol) I found in the aFleX manual that we could use it as a…
-
Need assistance in creating a healthcheck
Posted by pwidman I have a customer who is looking to enable a healthcheck which does the following host:7287/widmansworld-ping while using a client generated ssl certificate with PKCS12 (.p12) and a password provided for authentication. Expected response: Text containing widmansworld=running All of this can be…
-
How to limit DHCP Discover
Posted by kiriro Hi, I'd like to limit frequent DHCP discover from a specific client PC's MAC in thermal runaway. This DHCP client sends huge DHCP discover. I tried to apply "DHCP discover packet" to the following rule. It's a famous irule sample used as traditional ddos protection, and I changed $srcip to $mac; for this reason, I…
-
Token-based Persistence and SCCP inspection
Posted by danguijun Good day Folks, I would need please help to validate/ confirm the following: - Can we somehow do token-based session persistence through aFleX or natively? - If required, can we inspect through aFleX a SCCP header field in order to use it as a load balancing decision? Thanks in advance,
-
insert the client SSL certificate into a header
Posted by brunov How can I use aflex to capture the client SSL certificate and insert it into an HTTP header. This can be used by the server to validate certain information about the client. Pre-requisite: • You must have 2.6.1-P2 ([X509::whole $session_data] is only available from that release forward) Code: when…
-
Persistence based on SIP Session ID
Posted by kmcewen@a10networks.com I have a potential customer that requires to achieve IP Source (port based) persistence based on the SIP Session ID. I.e. that the client will persist if the connection is from the same session.
-
aFleX to drop persistent connections
Posted by TODDH I needed to drop persistent connections immediately when a health check fails. I used the below aFleX to check the status of the node and if it is anything other than "up" the connection is reset. Thanks, -Todd- when CLIENT_ACCEPTED { } when CLIENT_DATA { if {$s_ip equals "10.12.12.230"} { # Check if server…
-
aFleX Policy to Redirect a Specific SNMP OID
Posted by bmeckley I am looking for an aFleX example that can redirect an SNMP OID of ".1.3.6.1.9.9.41.2.0.1" to a specific server. This particular OID will contain syslog messages that will be sent to a Syslog server. All other SNMP traps will be directed to specific SNMP servers using a PBSLB policy. Thank-you
-
Using lsearch with host list
Posted by jay Hi, Would like a secondary/tertiary eyes on the following aFlex regarding using lsearch to find a match in a host list: Code:…
-
Apache Killer DDoS attack blocked by AX!!!
Posted by ddesmidt A recent Apache vulnerability has been found using the "HTTP Range" option. www.hacklabs.com/home/2011/8/24/research...partial-content.html This one can be easily prevented with your A10 Possible protection: AX could simply drop all requests with a "Range header". But the requests with a "Range header"…
-
ELECTION HASH
Posted by ivanm@a10networks.com Hi guys, We can do a similar aFlex? # MD5 calculation of Server + HOST + URI # Rule selects Server that scores highest # # S = Current high score # N = Node being evaluated # W = Winning node # # Set "myPool" to your pool name. # when HTTP_REQUEST { set S "" set myPool pool_name foreach N…
-
App switching and cookie persistency
Posted by jmaddox Question from a customer. Aflex is likely not needed here: The domain is www.domain.com with a URI of www.domain.com/sf, www.in-drive.com/sf-register, etc... I have 2 Service Groups: Service Group 1: Windows Server 1 Windows Server 2…
-
Filter DNS requests using Aflex
Posted by brunov I have the following aflex that will allow you to filter the DNS requests by hostname, and limit what will be load balanced to your DNS servers. Code:…
-
Default Path in Exchange 2010 (Shared VIP)
Posted by kmcewen@a10networks.com In the deployment guide we say that we cannot insert the /owa if it has been missed when using a shared vip for exchange services. As this was a requirement by a customer I have developed the following that worked with a bit of help (thanks all) when HTTP_REQUEST { if {[HTTP::uri] equals…
-
unknown command "elseif"
Posted by jmaddox What is the correct syntax to prevent the error indicating that "elseif" is unknown command? when RULE_INIT { # List of "part of URL" not autho "redacted"] set cookie_name "ua_lbdev_node_forced" } when HTTP_REQUEST { # Get node number from URL ending in /?node1, /?node2, etc. set node_forced [findstr…
-
Redirect HTTP based on client browser
Posted by patricko0317 I have a need for an Aflex script. I need it to redirect the browser to a different page based on the browser the client is using. If it is IE 9, I need it redirected. Will the following script accomplish this? Also, can I add this to the script you gave me for logging? when HTTP_REQUEST { if {…
-
Finding hostname.tld in FQDN
Posted by mischa This will find the hostname + tld from the FQDN. Basically removing "www." from the average request. www.a10networks.com becomes a10networks.com Code:…