-
How to perform a case-insensitive match of the requested URL path.
Hello, How can I perform a case-insensitive match for the requested URL path? For example: when HTTP_REQUEST { if { [HTTP::path] equals "/NotificationServer" } { pool example_service-group } } And a case-sensitive example is: http://host/NotificationSERVER Regards
-
Aflex inside another Aflex
Hi I wonder if it is possible to use an Aflex inside another Aflex, for example when HTTP_RESPONSE { if { [HTTP::status] == 404 } { Aflex "ERROR-404" } } is this possible? Regards
-
slb template persist cookie template as command Aflex
How can I call an slb template persist cookie template as command in an HTTP event For example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192.168.1.10] } { pool example_server_group SLB slb template persist cookie "test" } }
-
Snat in NHLD with alternate server
Hi I have this scenario in a client´s infrastructure where they have 2 Internet links in active pasive mode slb server LINK-1 20.20.20.1 alternate LINK-2 port 0 tcp port 0 udp slb server LINK-2 30.30.30.1 port 0 tcp port 0 udp --------------------------------------------------------------------------- slb service-group…
-
Redirect traffic based on Destination IP
Hi guys I´m trying to redirect traffic based on destination IP using an Aflex, for example if a internal user sends traffic to 20.20.20.20 the A10 will redirect the traffic to a specified service group Aflex: Test #1 when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } { pool APACHE } } Test #2…
-
Stop Processing of Subsequent aFleX Rules
Does anyone know if it's possible to have an aFleX rule that stops processing of subsequent aFleX rules that are attached to a virtual server? For instance, say I create an aFleX rule named "DontAllowIfBadIP" that has a conditional for detecting if the IP address should be allowed to connect. Then I have a second aFleX…
-
HTTP Origin header not matching the base_url.
Wedsite owner getting below error related to revrse proxy header below is te aFLEX rule which we had added on on A10, do we required any addition rules to this work ?? X-Forward ?? ======================================== when HTTP_REQUEST { set URI [string tolower [HTTP::uri]] switch -glob $URI { default { HTTP::header…
-
A10 vThunder ADC/SLB - Redirection based on URL
Hello, I will try to do more research to see if this was already covered in another post, but so far haven't been able to find exactly what I'm looking for. Is it possible to do a redirect based on which URL the end user goes to for whats described below? Or is this completely wrong and I should be looking for an…
-
A10 Cookie Header Setting
The A10 is currently writing a "Secure" attribute on some outgoing cookies because HTTPS traffic terminates at the A10 and the applications cannot add this attribute on HTTP traffic. However, it appears that instead of adding it to an existing cookie, we are seeing the header Set-Cookie being sent twice - the first time…
-
Persistence issue with aflex
Hi, I have a very simple script handling redirection to an outage server if my primary servers aren't available (see below). I have however got an issue that when persistence is applied (source-ip or cookie persistence), users are being persisted to the outage pool even after the primary service group is back online. Is…
-
F5 automap feature
Hi, I have one F5 with irule contain "automap snat", this functionality allows changing the IP when the destination is local to one of the F5 in order to prevent asymmetric routing. The automap options tells to BIG-IP to decide what source ip to use to reach the destination network. I rule like this when CLIENT_ACCEPTED {…
-
Retrieve the highest number of requests
If I want to add one more rule which is to black list the highest number of DNS query when the total number of DNS queries exceed the threshold value (i.e. $totalcount). How can I retrieve the IP address which has the highest number of DNS query? set totalcount [table incr tmp_table [IP::client_addr]] if { $totalcount >…
-
Block harmful traffic or attack via Websocket traffic
Hi Experts, We have a web server is running some services via Websocket traffic. Now we want to block harmful traffic, attacks like SQL Injection, XSS... like the WAF template works with HTTP traffic, but now is WebSocket traffic. Could you give me a detail aflex script or WAF template to do that. (One more point, we…
-
How to use the a10.acos_axapi.a10_file_aflex module in Ansible
Hello, I am trying to deploy aflex scripts to an a10 load balancer in Ansible with the a10_file_aflex python module in the a10.acos_axapi Ansible collection. However, everytime I run my script, there are some weird errors that appear about the syntax of the structure of my ansible task and some mistakes of the aflex…
-
aFlex script to filter URL
Hi experts do you have aFlex script to filter the URL that the users are trying to reach to the internet. Basically, I have AC type class-list and URLs are configured on it. Once I have verified in aFlex that the URL which the user is trying to reach is on my class-list then I will redirect the traffic to a specific ISP.…
-
DNS CAA record response
I am doing things like this: set rr1 [DNS::rr $name 0 IN TXT "some text here"] DNS::answer insert $rr1 Now I need to return a CAA record and can't find a way to format the entry to do this. A CAA record looks like this in a zone file. mydomain.com. IN CAA 0 issue "letsencrypt.org" mydomain.com. IN CAA 0 issuewild ";"…
-
Preserve Port on HTTP Redirect
Hi Everyone: We have an interesting issue we're trying to tackle. We have a Virtual Server with multiple virtual ports (http:80, https:443, https:4444, https:4445, etc). We currently have a working redirect script (similar to a lot of posts on here) for 80 to 443 and it is working fine for several of our virtual servers:…
-
is aflex has similar features like lb::detach
Hello everyone, we are trying migrate from F5 to A10, but we encountered some problems there is part of our using irule , when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/aaa/bbb/ccc/" } { if { [HTTP::header exists "aaa"] } { LB::detach persist uie [HTTP::header "aaa"] } } and we found that aflex didn't…
-
How to separate write and read for sql database?
I have four vm,it is three microsoft sql server 2012 and one microsoft AD,three sql sever auto synchronize date with always on mode. I want to separate write action and read action to different sql server,for example,If I execute select command,A10 will forward the query to read sql server,if I execute…
-
Monitoring via XML File GET
Hi guys, I have a web service that provides a URI that return XML indicating the health of the system. Is it possible to get this XML and parse it and make a load balancing decision based on this.
-
Aflex logic not taking precedence over session persit cookie
Hi, We have an aflex rule that redirects requests based on the url. There is also a persistence cookie set. The issue is when the url switches, the aflex logic should send the request to a new server pool, but the cookie appears to be taking precedence and forcing the request back to the original server the user was sent…
-
an example of a DNS external health monitor
Hi, Does anyone have an example of a DNS external health monitor? The monitor should query an A record and check the IP address and provide up/down status based on the IP address matching a given/set IP address. Thanks
-
Redirect to other url
Can we redirect to external url when all real servers failed health check.
-
AD group membership determine single factor vs dual factor Auth
I have a site where Active Directory group membership should determine whether users are prompted for single-factor or two-factor authentication. GroupA (single factor) - Windows server group NTML GroupB (two-factor) - RADIUS: duo I imagine there is away with an aFlex script after primary authentication to query group…
-
A10 Thunder URL match statistics
Hello, is there a way to have the match statistics for a URL? I will like to have the number of time a site is visited. I have this in real time and I have the logs, but going through the logs each time is too long and the real time information doesn't help. Any clue? Thanks in advance!
-
A10 configuration Guide
Hello, I'm new working with ADC and logically also with A10 Network products. I'm having a hard work trying to understand what is configured and how it works. I just get four of them, no one here knows how it's work or what is configured... I have some documentation but it's not helpfull, and I have a lot of question. So,…
-
URL access restriction
Hi all, I'm working on a vThunder 2.7.2-P10 that is publicing many URL form a single virtual IP. Now I need to deny access from some IPs only for some URLs (not for all). For example I have 3 sites: site1.example.com site2.example.com site3.example.com And some IPs let's say: 1.2.3.4 1.2.3.5 1.2.3.6 I need those IPs can…
-
outbound nat based on IP
I'm trying to configure LLB for ISP links and having some trouble with the outbound NAT. Basically when it goes out ISP1 it should default to NAT pool ISP_C for most users, but when it comes from one range (using individual IP in my testing) it needs to use NAT pool ISP_CTHSE Under my 0.0.0.0 VIP this aflex works: when…
-
SNI and AFLEX
Hi all, I have a problem with aflex configured on a VIP with a SNI template applied. On the VIP I have exposed application for domain1 (the default certificate in the SSL template) and 2 services for domain2. SNI template i sworking fine but now I need to add on the VIP an aflex like this: #Rewrite if {[HTTP::host] matches…
-
Don't Allow a URL containing an MS-DOS device name
Hi! I would like to use our AX1030 and aFlex to make sure that "Microsoft ASP.NET MS-DOS Device Name DoS"-requests get a 404.5 response "Microsoft ASP.NET MS-DOS Device Name DoS"-request have one of the following as a sequence in the URL: AUX CON PRN NUL COM1 LPT1 LPT2 LPT3 COM2 COM3 COM4 Any suggested way to solve this in…
