F5 BIG-IP EAV Script Gotcha

It seems DOS formatted carriage return characters are not removed from CR/LF text/sh/whatever formatted files by default. “WTF is the monitor not marking the pool up!? I just cut’n’pasted that bloody iApp provided EAV script out to file and uploaded it! It’s gotta be working, right!?” Yeah… no. CR/LF’s == fail. No surprise. [root@bigip1:Active:Changes Pending]…
Read More

IPv6 F5 Management

Dual stack is not supported yet and you need 11.2.0 or higher to be able to configure IPv6 on the management interface. The KB articles and lack of documentation doesn’t really inspire a lot of faith; so what does work and what doesn’t? This is what the working TMSH config looks like after I fudged…
Read More

Super quick net-snmp config

yum –y install net-snmp-utils net-snmp chkconfig snmpd on echo ‘# Enables listening on IPv4 and IPv6 for both UDP and TCP # Remove/modify entries as appropriate for your environment OPTIONS=”udp:161 udp6:161 tcp:161 tcp6:161″‘ > /etc/sysconfig/snmpd echo ‘createUser %{USERNAME}% SHA %{KEY}% AES %{KEY}%’ > /var/lib/net-snmp/snmpd.conf cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig echo ‘# /etc/snmp/snmpd.conf # Legacy SNMPv1/2c support for…
Read More

f5-w-doubledot headaches

Here is how F5 APM portal style deployments go wrong: 1. Third party web application 2. Unable to modify/fix source for whatever reason, see point 1 3. The developers responsible for the third party web app were not drowned at birth or groomed for a career in McDonald’s from their first vomit, see point 2…
Read More

Disabling the cookie “secure” option en masse

Sometimes while debugging web site code (mostly the retarded kind) as it’s pulled through an F5 you want to disable SSL on the virtual server’s client side but leave it enabled on the server side. Which is pretty easily achieved for the most part. But depending on the configuration in use you may have cookies…
Read More

RedSleeve on Raspberry Pi

Hurrah! There is finally an EL variant available for Raspberry Pi and other ARM hardware. http://www.redsleeve.org/ However it’s of limited value right now for a number of reasons Post install notes: uname -a = Linux 3.6.11+ #371 PREEMPT Thu Feb 7 16:31:35 GMT 2013 armv6l armv6l armv6l GNU/Linux No kernel package or dependencies installed No SELinux…
Read More

Fixing F5 BIG-IP SAML Authentication Requests

SAML 2.0 support was added to BIG-IP starting with version 11.3.0 Even using the latest release, 11.3.0-HF5, the code is still a bit odd. For example it does not always correctly URL encode and process the SAML base64 request when redirecting requests back to itself after authenticating the user. e.g. The SAML Request needs to…
Read More

F5 APM, Internet Explorer and supposedly “Insecure Content”

This is absolute bollocks, old versions of IE (particularly 8) throw an insecure content warning on the following embedded CSS background:url statement. Quite strangely this only exhibited itself after pulling a particular website through APM. At a guess it’s due to the F5 inserting Javascript which does something to the object. Problem HTML example, <a…
Read More