Fallback host used in HTTP profile-f5-all

Fallback host used in HTTP profile-f5-all
0

Fallback host used in HTTP profile-f5-all

Vendor: f5

OS: all

Description:
A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. indeni will alert if fallback is used instead of an iRule.

Remediation Steps:
It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.

How does this work?
This alert uses the iControl REST interface to extract the http profiles with fallback hosts.

Why is this important?
A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.

Without Indeni how would you find this?
Login to the device’s web interface and click on “Local Traffic” -> “Profiles” -> “Services” -> “HTTP”. Then, for each of the listed profiles, verify if a fallback host has been configured.

f5-rest-mgmt-tm-ltm-profile-http

name: f5-rest-mgmt-tm-ltm-profile-http
description: Determine usage of fallback hosts in HTTP profiles
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    f5-fallbackhost-used:
        why: |
            A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.
        how: |
            This alert uses the iControl REST interface to extract the http profiles with fallback hosts.
        without-indeni: |
            Login to the device's web interface and click on "Local Traffic" -> "Profiles" -> "Services" -> "HTTP". Then, for each of the listed profiles, verify if a fallback host has been configured.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/ltm/profile/http?$select=fallbackHost,fullPath
    parse:
        type: JSON
        file: rest-mgmt-tm-ltm-profile-http.parser.1.json.yaml

f5_fallback_host_used

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.f5

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

/**
  *
  */
case class f5_fallback_host_used() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "f5_fallback_host_used",
  ruleFriendlyName = "F5 Devices: Fallback host used in HTTP profile",
  ruleDescription = "A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. indeni will alert if fallback is used instead of an iRule.",
  metricName = "f5-fallbackhost-used",
  applicableMetricTag = "name",
  alertItemsHeader = "Profiles Affected",
  alertDescription = "A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"https://se.linkedin.com/in/patrik-jonsson-6527932\">Patrik Jonsson</a>.",
  baseRemediationText = "It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("f5-fallbackhost-used").asSingle().mostRecent().value().noneable))()