Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP LTM Technology
  2. Virtual Servers and Their Behavior with Different Profiles in BIG-IP

Detailed Overview of Profiles in BIG-IP LTM

1. "FastHTTP" Profile

  • Purpose: A combination of TCP and Limited HTTP with OneConnect to improve performance for certain HTTP traffic.

Key Features:

  • OneConnect: Used to allow connection persistence on the server-side.

    • The server must support connection persistence with Keep-Alive Headers (e.g., IIS servers).

    • Faster than the standard HTTP profile due to limited features.

Limitations:

  • No SSL/TLS Profile.

  • No Compression support.

  • No RAM Cache.

  • No HTTP Pipelining.

  • No IPv6 support.

  • Limited iRule support (Client-Accepted, Server-Connected, HTTP-Request, HTTP-Response).

  • Explicit SNAT required for client source address translation.

Usage Scenarios:

  • When persistence and source IP addresses are not essential.

  • When aiming for high performance and low latency without complex features like SSL or compression.

2. "HTTP Class" Profile

  • Purpose: Allows classification of HTTP traffic based on content such as headers or URI for routing decisions.

Key Features:

  • Can classify traffic based on:

    • Host Names

    • URIs

    • Headers

    • Cookies

  • Supports actions like:

    • Load-balancing Pool

    • Redirection URL (Location Header)

    • Rewrite URI

Replacement:

  • Replaced by the Local Traffic Policy (LTP) object starting in TMOS v11.4.

3. "HTTP Request Logging" Profile

  • Purpose: Allows detailed logging of HTTP request and response data for monitoring and debugging.

Key Features:

  • Customizable logging for Request and Response.

  • Supports detailed data formats for logs, including:

    • BIG-IP Host Name

    • Client IP

    • SNAT IP

    • Virtual Server

    • User-Agent

  • Available ONLY through TMM-Interfaces, not via MGMT Port.

Sample Log Entries:

Request:

BIG-IP Host Name = $BIGIP_HOSTNAME --- Date & Time = $DATE_NCSA --- Virtual Server = $VIRTUAL_NAME --- Client-IP = $CLIENT_IP --- SNAT-IP = $SNAT_IP --- Pool Member-IP:PORT = $SERVER_IP:$SERVER_PORT --- Domain Name = ${host} --- Referer = ${Referer} --- Origin = ${origin} --- User-Agent = ${User-agent} --- Request = $HTTP_REQUEST

Response:

HTTP Response Code = $HTTP_STATCODE --- Elapsed Time (ms) Between Receiving the REQ. and Sending the RES. = $RESPONSE_MSECS

4. "FastL4" Profile

  • Purpose: Optimized for Layer 4 (L4) traffic where there is no need to process higher-layer protocols like HTTP.

Key Features:

  • No TCP/HTTP Optimizations.

  • Limited persistence options: Source address, Destination address, Universal, and Hash.

  • Ideal for L4 traffic like basic TCP load balancing.

Usage Scenarios:

  • Performance (L4) Virtual Servers.

  • Forwarding (L2/IP) Virtual Servers (L2 forwarding not applicable).

Modes of Hardware Acceleration:

  1. Full: All L4 traffic is processed by hardware, with no use of software-based features.

  2. Assisted: LTM performs SYN load balancing, while hardware assists with the remaining traffic.

  3. None: L4 traffic is managed entirely by BIG-IP application without hardware acceleration.

5. "Stream" Profile

  • Purpose: Performs string matching and replacement on HTTP requests and responses.

Key Features:

  • No Data Buffering.

  • Searches and replaces all occurrences of a string in both requests and responses.

  • Case-sensitive for pattern strings.

Usage Scenarios:

  • Search and Replace on content (headers and bodies) within HTTP traffic.

  • When no need for complex conditions, but a simple match/replace is required.

Dependency:

  • Can be used without an HTTP profile, where it searches and replaces content in both the header and body.

  • With an HTTP profile, it only searches and replaces content in the body.

6. "HTTP Compression" Profile

  • Purpose: Compresses HTTP response content to reduce bandwidth and improve performance.

Key Features:

  • Compresses HTTP responses based on Accept-Encoding header from the client.

    • Supports gzip and deflate methods.

  • CPU-intensive and should be used cautiously in high-traffic environments.

Compression Levels:

  • You can choose from levels 1-9 for gzip compression (level 9 is the highest compression but most CPU-intensive).

  • Compression Strategy defines the compression provider:

    1. Speed (default)

    2. Size

    3. Ratio

    4. Adaptive

7. "Web Acceleration" Profile (RAM Cache)

  • Purpose: Caches HTTP objects in memory for faster subsequent access and reduced load on backend servers.

Key Features:

  • Stores static content (CSS, JS, images) for faster access.

  • Content can be cached based on Vary headers or Cache-Control settings.

  • Does not cache private data (e.g., responses with Cache-Control: private).

Cacheable Items:

  • HTTP 200, 203, 206, 300, 301, 410 responses.

  • GET methods by default (non-cacheable methods can be customized via iRules).

  • Memory-intensive, so should be used for high-demand or static content.

Summary of Profile Features

Profile

Purpose

Key Features

Limitations

FastHTTP

High performance HTTP handling

OneConnect, TCP + limited HTTP, fast but no SSL/TLS or compression

No SSL/TLS, No Compression, No IPv6

HTTP Class

Classifies HTTP traffic

Classify traffic based on hostnames, URIs, headers, cookies

Replaced by LTP (TMOS v11.4)

HTTP Request Logging

Logs HTTP request/response data

Detailed log formatting options

Available only through TMM-Interfaces

FastL4

Optimized for Layer 4 traffic

No TCP/HTTP optimizations, limited persistence options

No Layer 7 processing

Stream

String match/replace

Search and replace on all occurrences of a string

Case-sensitive, no complex conditions

HTTP Compression

Compresses HTTP content

gzip/deflate compression, customizable levels

CPU-intensive, should be used cautiously

Web Acceleration (RAM Cache)

Caches static content

High-demand object caching, reduces backend load

Memory-intensive, only caches cacheable content

PreviousVirtual Servers and Their Behavior with Different Profiles in BIG-IPNextOptimizing for Mobile Clients in BIG-IP LTM

Last updated 3 months ago