Below is a script to allow a general way to Secure and HttpOnly cookies. It looks at the incoming port and sets Secure & HttpOnly when it's 443 and HttpOnly when it's 80. #############################…
i'm facing a problem with AX1030 as it only redirect the traffic to only one server and not redirect any traffic for the other server. Top logy: 2*AX1030 connected to two servers in routed mode
We have a need to support numerous services behind a single VIP. URL switching makes this fairly easy, however some sites use client-ssl, and other sites use client & server-ssl. What would an effecti…
Hello, I have a server running two web based services, both on port 443. I'm using host headers to differentiate between the two. We have a need to add a second server for redundancy purposes. I'm cur…
I would like to set up health-checks for several URLs per real-server, and I understand I can do this with compound checks. However, if one of the URLs fails on all real servers I don't want the entir…
Hi folks. I have a couple of AX3200s in HA active-passive mode, with several partitions. In one partition "test" I want it to have a connection to two different VLANs - EG. VLAN1 10.0.1.0 and VLAN2 10…
Here is my collectd cfg to get cpu data of an ax. You can use it to graph it with graphite. my_types.db: a10_cpu lambda:GAUGE:0:100 a10-snmp.conf: # A10 CPU SNMP Checks # Type "cpu" Table false Instan…
When you need the client certificate on the real server: when CLIENTSSL_CLIENTCERT { set cert [SSL::cert 0] session add ssl [SSL::sessionid] $cert}when HTTP_REQUEST { set cert [session lookup ssl [SSL…
Server Name Indication is a feature in 2.7 that allows you to simplify your config by defining only one HTTPS VIP, but serving multiple certificates for different domains from this same VIP address. S…
In 2.7.0-P1 a new command has been introduced to aFleX persist size uie [global] If global is specified, the number of persistent entries in the entire partition is returned. This means you can for ex…
When you have a need for an empty gif to be generated. Unfortunately I am not able to post the actual code, but you can find it here: http://high5.nl/paste/view/93274853
When you want to reject or drop queries to a certain domain. The class-list: class-list cl-dns string str .example.tld dropstr .example2.tld drop! The aFleX: when DNS_REQUEST {if {!([DNS::question nam…
If you want to use aFleX for Authentication and have an external store for users. class-list passwords string str user1 d154c51df37bd33b29cec5aa51efd29f5a6a6f1e! when RULE_INIT { set ::AUTHENTICATED "…
When you don't want to allow certain DNS queries to be send to the DNS server. when RULE_INIT { set ::DEBUG 0}when DNS_REQUEST { if { $::DEBUG == 1 } { log "Question: name: [DNS::question name] - type…
################################################# # # aFleX script to provide Basic HTTP Authentication # without the need for an external database. # # The class-list for authentication is called # "…
################################################### aFleX script to provide API port translation.## Requires real servers en ports to be configured# and to be member of a service-group.# On the VIP it…
################################################### aFleX script to provide Header Enrichment for# the purpose of policy based Traffic Steering. # # This comes in 2 parts.# 1) Script that is bound to …
################################################### aFleX script for host based cache selection.## Contents of the array ::CACHEURLS needs to be in# the form:# "" ""## For example:# "youtube.com" "cac…
Here is my little script which is used to migrate a few hundred server from our f5 bigip's to a10. It's really simple and not very smart but it works for us. It doesn't care about the health check and…
A little irule which is helping me spotting errors while migrating configs to a10. when HTTP_REQUEST { set object "[HTTP::host][HTTP::path]" } when HTTP_RESPONSE { if { [HTTP::status] eq "404" } { log…
################################################### aFleX script to make decisions based on the CA# and Common Name of a Client Certificate.##################################################when RULE_…
Hi all, We are trying to set up an application on two servers fronted by the A10. Everything functionally up but clients cannot access the web pages. As an example the VIP url is https://test.ntu.ac.u…
Aloha, I was wondering how to implement a TCP::remote_port redirect, as we are not using Layer 7 on the A10s. Example-> client connection -> VIP :80 -> aFlex -> service_group :443 I see some examples …
Hi all, We have two SoftAX's used as Lab devices. I can communicate with them via the management interfaces, however, no communication via the Ethernet interfaces. These need to be trunks to pass the …
I'm facing a problem when i use Nate IP with one arm mode so all clients reach to the servers with the same ip so the team who is responsible on these servers can not make any trace or trouble shoot f…
i have a problem the web logic application using the T3 protocol to communicate to the BRM database , on the Weblogic im pointing the VIP of BRM im using TCP protocol but they can't communicate, do yo…
Recent Customer asked for a way to drop or reject the HTTP TRACE method for PCI compliance. Thanks to JonD here is a quick aFleX to do that. when HTTP_REQUEST { if { [HTTP::method] eq "TRACE"} { rejec…
We just moved our LDAP service to our new A10 load balancers. Our PROD partition (which is where our LDAP virtual server is on) is running in one arm mode utilizing a snat pool. Every thing is working…
