-
Health monitor timing
Posted by shakedown1979 Background: I have several Apache hosts (~60) on a single instance -- all of which need basic http/https monitors. I have matched the interval/retry/timeout values close to what our previous load balancers used. Here is an example of one of the new monitors: health monitor M-HTTP interval 10 retry 1…
-
Custom Roles and Radius
Posted by jgreen When using preconfigured roles in radius, a vendor assigned attribute of 2, and a decimal value of 1-12 it works; however, when I create a custom role what value should be used for the attribute format and value?
-
RAM Cache Security
Posted by patricko0317 A question has arisen as to the security of the RAM Cache. Some of the objects we are caching containg personal, private information. We need to make sure that the RAM Cache is secure and that this data cannot be accessed inadvertently or maliciously.
-
The Official World IPv6 Day Thread
Posted by pnicholcon Any thoughts, observations or comments on World IPv6 Day? We'd love to hear them. Post away.
-
aFlex to Selectively Insert /owa for Exchange 2010
Posted by kberton A10's Deployment Guide for Exchange 2010 provides the following aflex script to insert /owa into the path of any request where it doesn't already exist. However, this seems to break the Exchange Control Panel (ECP) which is accessed under /ecp. Any advice on editing this script to accommodate requests to…
-
aFlex to Change URI Case in a certain location
Posted by TODDH We have a very simple aflex that we currently us to convert the entire uri to lower case: when HTTP_REQUEST { HTTP::uri [string tolower [HTTP::uri] ] } We need to modify that aflex so that it only executes the “tolower” to a portion of the uri. The portion of the uri that we need to convert to lower case is…
-
ICMP6 Type 2 (packet too big) messages ignored?
Posted by kirbini I've been told, and and am trying to confirm (here and through testing) that the AX series (all of them) do not honor IPv6 ICMP Type 2 messages. These messages indicate that fragmentation is needed but when we use the AX1000 as an IPv6 VIP in front of an IPv4 server group the AX does not properly fragment…
-
How to respond with a 301 permanent redirect?
Posted by TODDH Guys, Do we have any way of responding with a 301 (permanent redirect)? I need a way to inform the search engines that my customers location is permanently moved. Thanks, -Todd-
-
xAPI getstatus- PHP
Posted by JackofallTrades Below is a sample of code for accessing the xAPI via PHP. I am using xPath and pear HTTP/REQUEST2. I am not a coder so ignore my slop. First I define the login information and the xAPI path. The code snippet is ax_main.php Code: <?php//pear install HTTP_Request2require 'HTTP/Request2.php';//define…
-
Persistence Across VIPs
Posted by jpearcy I have persistence working with no issue one most of our VIPs. The problem we are running into right now is that one of our apps makes calls between two VIPs. We need to keep persistence between those two VIPs. The kicker here is we are already using an aflex script on one of the VIPs SSL port so we have…
-
How to use " in my output?
Posted by tcp-me Sorry for the newbie questions, but how do I print “ in my output? For example when LB_FAILED { HTTP::respond 200 content "<html><head><title>Apology Page</title></head><body>We are sorry, but the site you are looking for is temporarily out of service<br></body></html>" But if I put in a link, it requires…
-
Switch sites to insert cookie
Posted by tcp-me I'm wondering if anyone has a good idea on how to do this. My company's site is say... abc.com My customers who use our service get customer1.abc.com. We've been inserting our cookie for abc.com to track usage and session. Now my customers want survey.customer1.com to be the domain, but they'll resolve the…
-
Server selection based on URI
Posted by ddesmidt One of our customers had a special request and I want to share it with you so you can enjoy our solution if you have similar needs They have 20 servers named S1 to S20. In the URL they give to their customers, each unique URL has to go to a specific server. Example: www.xyz.com/work/S2/etc/index.html.…
-
Adding "HttpOnly" to Cookie
Posted by mischa If you need to add "HttpOnly" to a cookie: Code: when HTTP_RESPONSE {if { [HTTP::header exists "Set-Cookie"] } {set cookie_value [HTTP::cookie "TestCookie"]HTTP::cookie remove "TestCookie"HTTP::header insert "Set-Cookie" "TestCookie=$cookie_value; HttpOnly"}} I found that this works very well.
-
Logging traffic flows in syslog
Posted by mike_larue@agilent.com We are looking for a way to log traffic flows in syslog so that we can get a clear picture of the client IP/VIP and SNAT/Server IP binding. We woudl like to see: timestamp; client IP; VIP; SNAT IP; Real Server for each flow that is created. Do you have the aFlex code available for this?…
-
prevent Src IP Persistence to sorry server
Posted by kberton Attempting to create an aFlex that will set Src IP Persistence for all servers in a service group *except* for one server which is being used as a sorry server. I am setting priorities in the service group for each service and default behavior of AX is to apply the same persistence template to all member…
-
Select group based on AX system date
Posted by kyang A customer wanted his AX to direct the traffic by AX system time. Example: direct the traffic by AX date number,if the number is even then direct the traffic to sg-even,else to sg-odd. Here is how: Code: ------------------------------------- when CLIENT_ACCEPTED { set curdate [TIME::clock seconds] set…
-
Skipping Large Content Size for HTTP Collect?
Posted by TODDH How would I add an if / else to check for HTTP content-length and only perform collect when the size is smaller than 1MB / 1.2MB? when HTTP_RESPONSE { HTTP::collect } when HTTP_RESPONSE_DATA { set clen [HTTP::payload length] regsub -all "elm" [HTTP::payload] "elm" secureurls HTTP::payload replace 0 $clen…
-
Template settings, chasing the enabled value..
Posted by SvenA Hi, I am somewhat lost in the server/server port template wilderness. Any guidance would be greatly appreciated. I am trying to figure out which setting overrides the other on a server / server port. Let's try a simple example: I have a pool of servers all serving content on server port 80. I am controlling…
-
TCP Buffering
Posted by jmaddox Is there a way to customize tcp buffering parameters in AX?
-
cookie persistence for PCI audit
Posted by brunov To successfully pass a PCI compliancy test, one of my clients moved from cookie persistency to aFleX persist uie persistence. The cookie persisten uses the same cookie value for each server. The below aflex creates a random 10 character string for each user. Code:…
-
The question about the DDoS Protection
Posted by fitwate How to use the parameters(Out-of-sequence packet), Please explain the "Out-of-sequence packet",Thanks. If we open the DDoS Protection in the Global ,How to view the results after the opening DDoS Protection ? For example, if the AX2200 to prevent some of the ddos attack, how we view those elements…
-
AX CPU Number of issues
Posted by fitwate ============= Version Info ================= AX Series Advanced Traffic Manager AX2100 Copyright 2007-2010 by A10 Networks, Inc. All A10 Networks products are protected by one or more of the following US patents and patents pending: 7716378, 7675854, 7647635, 7552126, 20090049537, 20080229418,…
-
GSLB and HA
Posted by kirbini Hi, All. I have 2 working HA pairs (active/standby) of AX1000. Each pair is in a different datacenter and we would like to add GSLB between datacenters. A couple of questions come up and I was wondering if the voice of experience may be lurking about. First, are there any gotchas to watch out for when…
-
Tab in log statement using aFlex
Posted by brunov When creating a log statement using aflex, is there a way to add a <tab> so that the log could be tab separated? See example: Time: 10:31:21 <tab> ip: 192.168.1.1 <tab> request: www.example.com/index.html <tab> query: ?uejdmski89e7ks sorry, this interface does not accept white space, so see <tab> as an…
-
Change ssh AX default port 22 to another
Posted by fitwate My customer want to change ssh default port 22 to another (65534). Please advise to solve this problem Thank you very much
-
Select group based on TCP contents
Posted by a10jliu User Scenario: Need to use one VIP (same IP) for different applications. All applications run on smart phones which has its own client; choose different service group based on the the first 2 TCP Payload bytes. Code: when CLIENT_ACCEPTED { TCP::collect 2 } when CLIENT_DATA { if { [TCP::payload 2] equals…
-
aFleX for Exchange Server
Posted by a10jliu Came from a real-world deployment: Customer using Exchanger servers and need this: 1: http redirect to https: //x/owa when user tries to connect the host with no uri 2: certain directories are open to all, since these are push-mail related and user might access from Internet 3: all other directories are…
-
Manage multiple interal servers by one public IP
Posted by a10jliu One of my customers has hundred of internal servers which need to map to one public VIP, using different port to manage. We came up with this idea to use aFlex to map different servers and ports systematically : But remember the node used in aFleX still must be defined by slb server and include in a…
-
Separating HTTP from non-HTTP content on port 80
Posted by tcp-me Can an aFlex switch HTTP content to my cache servers and non-HTTP content over the same port directly out to my firewall? My cache servers throw up a lot of error messages when non-HTTP content (such as P2P or Video) runes through it. Since it can't cache it, it would be great if the AX can switch it for…