Balanced

Best way to have a good idea, is to have lots of ideas

Category: iRules

Gather SSL cipher statistics from your F5 device

With the new PCI DSS requirements around the corner it might be interesting to gather some SSL cipher statistics from your F5’s. If you have a syslog server this is a piece of cake using the HSL function in iRules.

To use the iRule below, first create a pool called syslog-514_pool, or simply replace the name with a pool containing your syslog server(s). Then, for each virtual server attach the following iRule:

 

Essentially, what it does is to send a syslog message for every new SSL session established. This data could easily be indexed by Splunk or Elastic search to generate a report.

PS. If you have a Firewall between your loadbalancer and your syslog server you might want to verify that it’s open first.

Setting up F5 APM with Google Authenticator

Setting up a secure VPN is easier than you might think. With F5 APM and Google authenticator you’re up and running soon.

There is an article on devcentral doing this but I thought it could be a bit simpler so I wrote my own. Tested on version 12 but should be more or less applicable to version 11 as well. Please let me know if there’s any differences and I’ll update the article.

Read More

Helping headers

Since we rely so heavily on the load balancers to handle part of the application logic the line between application servers and network equipment is blurred out. URIs and headers may change, and pools might be chosen depending on many different factors.

To add some transparence here I would recommend using the loadbalancer to give the users of your company additional information if they need it.

Read More

Powered by WordPress & Theme by Anders Norén