Problem: F5 iRules with “class match” crash sometimes with this message: /Common/UA_DETECT – ambiguous option “-“: must be -all, -index, -element, -name, or -value while executing “class match [string tolower [HTTP::header User-Agent]] contains UA_STRINGS” Discussion: the class match command has optional parameters, when the HTTP header User-Agent starts with a “-” it gets intepreted by […]
F5 iRule Class Match Crash Read More »
The list of TLS ciphers is changing quite rapidly, old ciphers are considered insecure, and new ciphers are added. When you configure a virtual server on an F5 you can add a TLS client profile, which means F5 is doing TLS to the client. I think this is a bit misleading because with “SSL client profile”
Configure F5 TLS (SSL) Cipher String Read More »
I had to upgrade several F5 load balancers from 11.5 to 12.1 in the last weeks. Usually updating F5 is quiet easy, but there are bugs or annoyances you should know: Sometimes F5 asks for re-activating after the first boot into the new version. It seems that you have to install the new version in a
Annoyances while updating F5 Read More »
Problem: F5 LTM is used als load balancer for multiple web servers. When the client opens a websocket connection to the web server, the connection is closed. Discussion: F5 LTM version before 11.6.0 has a bug in the request_log module (profile). The “request_log” module crashes and drops the connection. The bug is a known issue: https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16690.html Solution: If you
F5 Drops WebSockets Read More »
Problem: You have a network with two upstream routers and an F5 LTM loadbalancer. Even though the default gateway points to router R1 the F5 LTM sends packets to the mac address of R2. Discussion: “This is a feature not a bug”. This “Feature” is called “Auto Last Hop”. Which means the F5 answers packets allways
F5 sending packets to wrong destination? Read More »