-
Sorry page based on number of users
In 2.7.0-P1 a new command has been introduced to aFleX persist size uie [global] If global is specified, the number of persistent entries in the entire partition is returned. This means you can for example generate a sorry page based on the max number of active users you want to allow. For example: when HTTP_REQUEST { set…
-
Generating an empty gif
When you have a need for an empty gif to be generated. Unfortunately I am not able to post the actual code, but you can find it here: http://high5.nl/paste/view/93274853
-
Block DNS queries with class-list
When you want to reject or drop queries to a certain domain. The class-list: class-list cl-dns string str .example.tld dropstr .example2.tld drop! The aFleX: when DNS_REQUEST {if {!([DNS::question name] equals ".")} { set fqdn .[DNS::question name]}if { [CLASS::match $fqdn ends_with cl-dns] } { drop log local0.INFO…
-
Form Authentication with class-lists
If you want to use aFleX for Authentication and have an external store for users. class-list passwords string str user1 d154c51df37bd33b29cec5aa51efd29f5a6a6f1e! when RULE_INIT { set ::AUTHENTICATED "no" set ::FORM_CONTENT "AuthenticationPlease AuthenticateUsername:Password: "}when HTTP_REQUEST { set client_ip…
-
Drop certain DNS queries (ANY and RD)
When you don't want to allow certain DNS queries to be send to the DNS server. when RULE_INIT { set ::DEBUG 0}when DNS_REQUEST { if { $::DEBUG == 1 } { log "Question: name: [DNS::question name] - type: [DNS::question type] - Query ID: [DNS::header id] - RD: [DNS::header rd]" } if { [DNS::question type] eq "ANY" } { if {…
-
Basic HTTP Authentication w/ class-list
################################################# # # aFleX script to provide Basic HTTP Authentication # without the need for an external database. # # The class-list for authentication is called # "cl-passwords" (default) of type "string" and has # to contain the following data: # str # # For example: # str user1…
-
Port translation for multiple hosts behind single VIP
################################################### aFleX script to provide API port translation.## Requires real servers en ports to be configured# and to be member of a service-group.# On the VIP it needs a VPORT 0 TCP##################################################when RULE_INIT { set ::DEBUG 0 set ::REALPORT…
-
Traffic Steering on Radius Attributes
################################################### aFleX script to provide Header Enrichment for# the purpose of policy based Traffic Steering. # # This comes in 2 parts.# 1) Script that is bound to a RADIUS VPORT.# 2) Script that is bound to a HTTP VPORT.#################################################### VPORT:…
-
Smart LB to Caches v2
################################################### aFleX script for host based cache selection.## Contents of the array ::CACHEURLS needs to be in# the form:# "" ""## For example:# "youtube.com" "cache_group2"##################################################when RULE_INIT { set ::DEBUG 0 array set ::CACHEURLS {…
-
Bash Hacking – F5 Nodes to A10
Here is my little script which is used to migrate a few hundred server from our f5 bigip's to a10. It's really simple and not very smart but it works for us. It doesn't care about the health check and just uses ping and it can't handle multiple ports... It also assumes that every server has a reverse lookup. If you don't…
-
Log HTTP Status Codes (for Example 404)
A little irule which is helping me spotting errors while migrating configs to a10. when HTTP_REQUEST { set object "[HTTP::host][HTTP::path]" } when HTTP_RESPONSE { if { [HTTP::status] eq "404" } { log local0. "404: ${object}" #Just to be sure.... unset object } }
-
LB decisions based on SSL CA and Common Name
################################################### aFleX script to make decisions based on the CA# and Common Name of a Client Certificate.##################################################when RULE_INIT { set ::DEBUG 0}when CLIENTSSL_CLIENTCERT { set CCcert [SSL::cert 0] set CCsubject [X509::subject $CCcert] if {…
-
Observium Module
One of our customers was kind enough to create an Observium module. You can find it at: http://jira.observium.org/browse/OBSERVIUM-452
-
Web re-direct on the AX3030
Hi all, We are trying to set up an application on two servers fronted by the A10. Everything functionally up but clients cannot access the web pages. As an example the VIP url is https://test.ntu.ac.uk. The DNS A record is 192.168.99.39. However, the actual page on the server is https://test.ntu.ac.uk/jukeboxdrm. Can this…
-
TCP port redirect
Aloha, I was wondering how to implement a TCP::remote_port redirect, as we are not using Layer 7 on the A10s. Example-> client connection -> VIP :80 -> aFlex -> service_group :443 I see some examples of TCP redirects, but wasnt sure on the correct usage/syntax, as it seems more complicated than a simple HTTP_REQUEST…
-
Interfacing SoftAx to ESX 5.1 standard vswitch
Hi all, We have two SoftAX's used as Lab devices. I can communicate with them via the management interfaces, however, no communication via the Ethernet interfaces. These need to be trunks to pass the various vlans from the VM's. The server guys are unsure how to do this as they are telling me that apply one vlan to each…
-
One Arm deployment problem aith Windos server 2010
I'm facing a problem when i use Nate IP with one arm mode so all clients reach to the servers with the same ip so the team who is responsible on these servers can not make any trace or trouble shoot for his clients as all of them reach to the server with the same nate ip So, who i can solve this problem without change the…
-
T3 protocol
i have a problem the web logic application using the T3 protocol to communicate to the BRM database , on the Weblogic im pointing the VIP of BRM im using TCP protocol but they can't communicate, do you have aflex or recommendation of this matter
-
Drop or Reject the HTTP TRACE method
Recent Customer asked for a way to drop or reject the HTTP TRACE method for PCI compliance. Thanks to JonD here is a quick aFleX to do that. when HTTP_REQUEST { if { [HTTP::method] eq "TRACE"} { reject } }
-
Is there a way to log snat transations
We just moved our LDAP service to our new A10 load balancers. Our PROD partition (which is where our LDAP virtual server is on) is running in one arm mode utilizing a snat pool. Every thing is working fine but our LDAP administrator is asking if there is a way to save a log file of the snat translations for the LDAP…
-
Search and replace
I need a way to see if a uri contains || and then replace all places it does with !!. Example: http://foo.bar.com/u?e=83||l||0||email@gmail.com||http://foo.bar.com needs to redirect to http://foo.bar.com/u?e=83!!l!!0!!email@gmail.com!!http://foo.bar.com.
-
External monitor script
Hi, I would like to create a external monitor health check that use SSH to login a linux server ,and send the command : “df -a” The answer expect contain the keyword “video” linux server ip:10.10.1.81 linux username:root linux password:whnm2013 How can I do this in script? Tks Best regards, Bon
-
Load Balance Syslog Server
Has anyone used the A10 Ax devices to load balance syslog servers? I have a request to do so, and was wondering if anyone could share their experiences. Will be using a pair of AX3200-12's (prod) and a pair of AX1030s (staging). Thanks Antony
-
Active/Standby with OSPF
Dear All, I would like to make two AX500's to work in Active/Standby mode with OSPF, where the default route is announced only by the active A10 in the pair. Is that possible? Please find the attached example topology. Thank you in advance. Best Regards, Nik
-
The website only load a blank page when use L7 "HTTP" SLB
Hi Team, I've just upgrade 3200-12 to ACOS2.7.1, One of web services (HTTP) could not be operated with old configuration: ..... slb virtual-server app_edocment_vserver 10.34.2.160 port 80 http ..... (The website only load a blank page). The website will load correctly when we change config "port 80 http" --> "port 80…
-
WAF and AAM module available
Hello, I would like to known if SoftAX release of ACOS 2.7.1 P1 with the WAF and AAM features is already available. Regards, HA
-
Transform Url to proxy squid
Hello all, I would like to implement the following configuration : Client --->SoftAX VIP--->Proxy (Squid)--->Original content server PS : Client browser CANNOT be configured with SoftAx VIP (pointing to the proxy). So, when the users request access to www.mycompany.com, the local DNS server resolves it to the SoftAX VIP.…
-
transparent caching specific content per server
hi i have a client that he wants to have a specific content per server, possible to help me what script on aflex. I have example below: server proxy1 (jp(e?g|e|2)|tiff?|bmp|gif|png) (cgi-bin) (php|jsp|cgi|asx) (php|jsp) server proxy2 (z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|deb|vpu) server proxy3…
-
Squid Proxy Heath Check
Hello, I'm currently evaluating A10 (so I'm a newbie !) and I have question about Health Check. I configured two Squid Servers for Load Balancing. The health check is done using a TCP session (to port 8080) and sending the command 'GET http://www.google.com\r\n". It works fine but I would like also check the Response HTTP…
-
aVCS doesn't sync to other unit
Hello, I have been struggling with aVCS with VRRP for a few hours this morning and am stuck. It appears that no matter what I do I can't get the configuration to sync to the other "blade". I should note, that I first had these systems fully configured in the traditional HA mode, but only moved to the aVCS configuration…
