Fallback host used in HTTP profile-f5-False

error
false
best-practices
f5
Fallback host used in HTTP profile-f5-False
0

#1

Fallback host used in HTTP profile-f5-False

Vendor: f5

OS: False

Description:
A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. indeni will alert if fallback is used instead of an iRule.

Remediation Steps:
It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.

How does this work?
This alert uses the iControl REST interface to extract the http profiles with fallback hosts.

Why is this important?
A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.

Without Indeni how would you find this?
Login to the device’s web interface and click on “Local Traffic” -> “Profiles” -> “Services” -> “HTTP”. Then, for each of the listed profiles, verify if a fallback host has been configured.

f5-rest-mgmt-tm-ltm-profile-http

 #! META
name: f5-rest-mgmt-tm-ltm-profile-http
description: Determine usage of fallback hosts in HTTP profiles
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: "f5"
    product: "load-balancer"
    rest-api: "true"

#! COMMENTS
f5-fallbackhost-used:
    why: |
        A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.
    how: |
        This alert uses the iControl REST interface to extract the http profiles with fallback hosts.
    without-indeni: |
        Login to the device's web interface and click on "Local Traffic" -> "Profiles" -> "Services" -> "HTTP". Then, for each of the listed profiles, verify if a fallback host has been configured.
    can-with-snmp: true
    can-with-syslog: false

#! REMOTE::HTTP
url: /mgmt/tm/ltm/profile/http?$select=fallbackHost,fullPath
protocol: HTTPS

#! PARSER::JSON

_metrics:
    - # Record profiles having fallback host
        _groups:
            "$.items[0:][?(@.fallbackHost)]":
                _tags:
                    "im.name":
                        _constant: "f5-fallbackhost-used"
                    "im.dstype.displaytype":
                        _constant: "boolean"
                    "name":
                        _value: "fullPath"
                _value.complex:
                    value:
                        _constant: "true"
    - # Record profiles not having fallback host
        _groups:
            "$.items[0:][?(!@.fallbackHost)]":
                _tags:
                    "im.name":
                        _constant: "f5-fallbackhost-used"
                    "im.dstype.displaytype":
                        _constant: "boolean"
                    "name":
                        _value: "fullPath"
                _value.complex:
                    value:
                        _constant: "false"

f5_fallback_host_used

package com.indeni.server.rules.library.templatebased.f5

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library._
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule

/**
  *
  */
case class f5_fallback_host_used() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "f5_fallback_host_used",
  ruleFriendlyName = "F5 Devices: Fallback host used in HTTP profile",
  ruleDescription = "A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. indeni will alert if fallback is used instead of an iRule.",
  metricName = "f5-fallbackhost-used",
  applicableMetricTag = "name",
  alertItemsHeader = "Profiles Affected",
  alertDescription = "A fallback host redirect a user to a different page/URI. It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"https://se.linkedin.com/in/patrik-jonsson-6527932\">Patrik Jonsson</a>.",
  baseRemediationText = "It is in most cases better to use an iRule to rewrite the request. That way the user maintains the same URI and can hit refresh until the page is available again.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("f5-fallbackhost-used").asSingle().mostRecent().value().noneable))()