cairnsbryce

Forum Replies Created

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • in reply to: Upgrade SoftAx 2.7.1 to 4.1 #5509
    avatar
    cairnsbryce
    Member

    Thanks for the Reply,

    I have installed the 2.7.1 version of ACOS, copied our production config, changed management ip and snat addresses, upgraded it to version 2.7.2 P7 SP3 and then upgraded it to 4.0.3-P1-SP2 Build10(*)

    Some of the configuration has not come across, the existing WAF rules and Class lists from the 2.7.2 environment.

    in reply to: Block Exchange ECP externally #2774
    avatar
    cairnsbryce
    Member

    Figured it out
    amazing what a missed [ will do

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with “/ecp” } {
    drop
    }
    }

    in reply to: Master Class List #2744
    avatar
    cairnsbryce
    Member

    okay if this is not recommended.
    Is there away I can do a Class list in a notepad++ as all five of the class list are almost identical.

    I have about 100 IP address and ranges. Could I please have an example of the single ip and a range.
    I did search but could not find what I was looking for.

    I will be saving each class list into the config.
    As the SE advised that this was better than using a file.

    in reply to: Use Nagios to Monitor VThunder #2742
    avatar
    cairnsbryce
    Member

    Thanks Genard,

    I will contact our SE for the scrips.

    Regards
    Bryce

    in reply to: Master Class List #2740
    avatar
    cairnsbryce
    Member

    currently we are using the following aFlex at the bottom.
    We have a number of websites that we only allow access from certain of our divisions or partners.

    Many of these partners accessing these sites are the same. But some websites will not have all.

    Currently we would need 6 Class Lists, each with about 100 ip address / subnets in each list. Many of these ip addresses/subnet will be the same in all the class list.

    So if i could have sub class lists for say division1,division2 and division 3. Each with there own ip ranges for those divisions defined. I would only have to update it in one spot and the 6 Master Class Lists would be able to reference it.

    when HTTP_REQUEST {

    switch -glob tolower[HTTP::host] {

    “tes1.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_Media] } {
    a pool SG_Media_RTSP
    } else {
    drop
    }
    }
    “test2.example.com.au” {
    pool SG_Opportunities

    }
    “test3.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_TestWesi] } {
    pool SG_test.wesi
    } else {
    drop
    }
    }
    “test4.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_TestWese] } {
    pool SG_test.wese
    } else {
    drop
    }
    }
    “test5.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_Wesi] } {
    pool SG_Wesi
    } else {
    drop
    }
    }
    “test6.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_Wese] } {
    pool SG_Wese
    } else {
    drop
    }
    }
    “test7.example.com.au” {
    if { [CLASS::match [IP::client_addr] CL_Admincm] } {
    pool SG_Admincm
    } else {
    drop
    }
    }
    default {

    }
    }
    }

    in reply to: 1 VIP to 15 Websites same ports #2735
    avatar
    cairnsbryce
    Member

    okay so looks like host-switching is not going to do what I need it to do.

    I am going to have to go with an AFlex rule and class lists

    My question on class list is if i have 6 websites that will be accessed form the same ip address can i have one list.

    At some stage if i want to limit access to one of the sites, i.e remove a range of allowed ip address. If I used one class list it would effect all the sites right?

    So would it be better to have 6 seperate class list? alot of the ip addresses would be the same. Is there an easy way to manage this?

    Bryce

    in reply to: 1 VIP to 15 Websites same ports #2734
    avatar
    cairnsbryce
    Member

    Thanks Thomas,

    I did the fist one via the GUI, then went into CLI and copied the config and replicated it so I could copy an paste the list.

    slb template http tp-HostSwitch
    host-switching contains test1.example.com service-group SG_Test1
    host-switching contains test2.example.com service-group SG_Test2

    I’ll bind it to the Virtual Service and test it tonight.

    in reply to: 1 VIP to 15 Websites same ports #2732
    avatar
    cairnsbryce
    Member

    Hi,

    Our environment would be http://www.test1.example.com and http://www.test2.example.com type of sites.
    We do have a few websites that are https://www.test3.example.com

    So it looks like host switching is the way, where do I find that in the GUI? or is it easier to do it in textpad and copy it into the CLI?

    As I said some of our servers hold multiple websites on them, they are in Apache and I am not familiar with Apache, but looking at the ISA rules they are both going over 443 or 80 so I think the Apache service is doing the host switching.
    these would be websites like http://test3.example.com and http://test4.example.

    thanks in advanced for the assistance
    Bryce

Viewing 8 posts - 1 through 8 (of 8 total)