Geeks With Blogs
Nicholas Zurfluh blog F5 networks Big-IP, 3DNS, Traffic Shield, iControl
A Clean up routine for bigip.conf
Here is a neat trick I stumbled across while doing some stream editing. This command removes all trailing tabs and spaces from each line and deletes empty lines:

sed -e 's/[[:blank:]]*$//' -e '/^$/d'

(This command is as yet untested.) This should keep those extra characters from causing the b load command to fail.

Posted On Wednesday, February 21, 2007 2:37 PM

In case I forget again...

OpenSSL is a useful tool for troubleshooting issues with BIG-IP.

The syntax for creating a client connection is as follows:

openssl s_client -connect hostname:port

Posted On Wednesday, June 28, 2006 5:24 PM

Correct the time with Big-IP ver. 4.5.9x
A simple technique to correct the date/time of a Big-IP. F5 will tell you to take your unit into single user mode; this is not necessary. I have discovered that you can update the time of a standby unit in multiuser mode. You can update the clock in multiuser mode with ntpdate. Syntax: ntpdate -b (time server IP/FQDN) Manual page for ntpdate: ......

Posted On Monday, November 1, 2004 2:07 PM

Enable SNMP queries in Big-IP ver. 4.5.9

If you put a 32-bit host mask in your SNMP client allow list (hosts.allow), Big-IP will not respond. You must remove the host mask and leave an empty value unless your client is a network address.


Posted On Wednesday, September 29, 2004 3:13 PM

Changing time in Big-IP 4.5.9 and BSD
Normally with BSD you are required to go into single user mode prior to changing the time.  I have discovered that you can use ntpdate to correct the time in multi-user mode (A.K.A. init level 2).

Posted On Wednesday, September 29, 2004 2:39 PM

The origins of the Web
As it turns out, Vannevar Bush didn't coin the phrase hypertext, although he lays out the concepts of the web in his column “As We May Think” for the Atlantic Monthly. Clearly a brilliant visionary, he even considers the problems we now face with I/O devices and logical abstraction. Of note, it seems that Vannevar was a logical positivist; it is interesting to see the dilemma that has resulted in a now postmodern world that, in large part, is sceptical in regards to truth. The presuppositions ......

Posted On Thursday, September 9, 2004 6:16 PM

iRule that limits portal console access
Here are the requirements: Deny access to HTTP requests that either contain /portal/console in the URI or contain one of a set of variables deemed suspicious, for all clients other than those whose source address is in internal address space. ***UNTESTED*** rule server_lock_down { if (http_uri matches_regex "/portal/console" and not one of internal_network_class) { redirect to "http://%h" } else if (http_content contains one of bad_variable_class and not one of internal_network_class) { redirect ......

Posted On Thursday, September 9, 2004 6:11 PM

Using F5 iRules to augment server security
The traditional approach to site security: allow all traffic, then identify unauthorized requests and stop them. This would be a deductive method. The deductive method would compare HTTP requests against a class of unauthorized values. A negative result would consider the request safe and use pool X. A positive match would identify an unauthorized request, which would be discarded. Since we cannot exhaustively anticipate all future vulnerabilities, this method will never be comprehensive. A comprehensive solution ......

Posted On Thursday, September 9, 2004 6:00 PM

Server configuration for n-Path routing, DSR, Switch Back
Procedure for Windows 2000/3: Install Loopback Adapter: Start/Settings/Control Panel/Add Remove Hardware Add Troubleshoot a device/ Next No, from list/ Next Network adapters/ Next from manufacturers box select Microsoft. from network adapters box select Microsoft Loopback adapter/ Next Finish Configuration for the Loopback interface: ip address: VIP Subnet mask: *host mask is not allowed in Windows* gateway: no value click “Advanced” add to the “Interface ......

Posted On Thursday, September 9, 2004 5:55 PM

Big-IP ver. 4.5.9 ECV of Siteminder protected sites
What are the criteria that constitute meaningful ECV? Would this be a page match for an authenticated user session? If a simple content match on the home page is our goal, it would require that we authenticate through Siteminder or thwart it. Given my understanding of Siteminder, a script that authenticates a user would require an extended application verification script. This approach would exceed our ECV requirements. An alternative would be to unprotect a page (if there is such an ability) have Big-IP ......

Posted On Thursday, September 9, 2004 5:53 PM

Copyright © Nicholas Zurfluh