Posts

BigIP LTM Splunk iRule High Speed Logging

The iRule below logs to Splunk using High Speed Logging. Here we have set custom entries to send to our logging, but you can see how flexible this is in terms of what you would like to log. It works with BigIP version 10 and version 11.

Example BigIP Splunk Log entry from iRule

BigIP F5 LTM iRule replace pre-existing X-Forwarded-For headers

The iRule below looks for an existing HTTP header “X-Forwarded-For”, strips it, and then inserts a new one with the client IP address.

BigIP F5 LTM iRule Balancing Decision

Change pool based on URI

Path check match

BigIP F5 LTM iRule URI based persistence

The client requirement is to enable URI based persistence for the traffic that is going to the cms path (e.g. https://uk.domain.com/apiv2/cms/).

BigIP LTM iRule redirect if pool servers unavailable

Redirect request if servers not available

Change pool if servers not available

BigIP F5 LTM iRule Setting HttpOnly flag on HTTP cookies

Not all cookies returned by the client’s application have the HttpOnly flag. This flag is required to prevent client-side scripts (i.e. JavaScript) from accessing the value of the cookies.

To overcome this, we can configure the F5 BigIP to inject the ‘HttpOnly’ flag if it’s not there.

Requirements

# HTTPS/SSL offloaded to the F5
# HTTP profile applied to the HTTPS Virtual Server

BigIP F5 LTM iRule Set ‘secure’ flag on HTTP cookies

After a security scan, the client found that some of the cookies are returned by servers without the ‘Secure’ flag set. Unfortunately, the application returning the incorrect cookies was created by a 3rd party and there is no option to fix it. Without the ‘secure’ flag, the browser can transmit the cookies over HTTP, while HTTPS only is desired.

A solution to this problem was to configure an iRule on the F5 to set the ‘secure’ flag on HTTP cookies returned by the server.

Requirements

# HTTPS/SSL offloaded to the F5
# HTTP profile applied to the HTTPS Virtual Server

BigIP F5 LTM iRule Selective BackendSSL

BigIP F5 LTM iRule SNAT based on source address

Below is an example where SNAT based on source address will be applied.

BigIP F5 LTM iRule Rewriting HTTP values

Simple URI rewrite

Create new Header that contains original HTTP::host value