Appendix B: Additional Declarations¶
This section contains a number of additional example declarations you can use. Use the following index, or the links on the right to go to a specific category of declaration.
If you want to see an example that uses all of available AS3 properties, see the all properties declaration.
Note
Some of the examples may be in multiple categories.
HTTP Services¶
- HTTP Services
- 1: HTTP with custom persistence
- 2: HTTP with no compression, BIG-IP TCP profile, iRule for pool
- 3: HTTP with additional virtual service for corporate clients
- 4: HTTP and HTTPS virtual services in one declaration
- 5: Two applications sharing a pool
- 6: One tenant with three applications
- 6a: Single application with multiple services
- 7: Virtual server listening on multiple ports on the same address
- 8: Using a Local Traffic Policy to forward HTTP Requests
- 9: Enabling NAT64 in a declaration
TLS Encryption¶
- TLS Encryption
- 1: Referencing an existing SSL certificate and key in the Common partition
- 2: Using multiple SSL/TLS certificates in a single profile
- 3: Using matchToSNI with a TLS_Server profile
- 4: Using PKCS 12 in a declaration
- 5: Enabling and disabling clientSSL (server SSL profile) from Endpoint policies
- 6: HTTP and HTTPS virtual services in one declaration
- 7: Using a client and server TLS profile in the same declaration
- 8: Using Client Certificate Constrained Delegation (C3D) features in a declaration
- 9: Securing client and server side LDAP traffic
- 10: Using OCSP Certificate Validation in a declaration
- 11: Using the staplerOCSP parameter in a certificate
- 12: Ignoring validation of certificates when retrieving URI data
- 13: Using TLS 1.3 and Cipher rules and groups in a declaration
- 14: Referencing multiple SSL profiles on a single virtual service
- 15: Configuring additional TLS options on a virtual
Non-HTTP Services¶
- Non-HTTP Services
- 1: UDP virtual service
- 2: TCP load-balanced to ICAP with custom monitor
- 3: Using BIG-IP DNS features in a declaration
- 4: Using a FIX profile and data groups in a declaration
- 5: Using tcpOptions in a TCP Profile
- 6: Using GSLB features in a declaration
- 7: Service Discovery for virtual servers in GSLB Servers
- 8: Creating a DNS cache in a declaration
- 9: Using existing FTP and SIP profiles in a declaration
- 10: Creating an FTP profile in a declaration
- 11: Using an existing TFTP profile in a declaration
- 12: Setting BBR Congestion Control in a TCP profile with AS3
- 13: Configuring SCTP services and referencing SCTP profiles in a declaration
- 14: Referencing existing ICAP profiles in a declaration
- 15: Using IP or L2 Forwarding in a declaration
Network Security¶
- Network Security
- 1: Using Firewall Rules, Policies, and logging
- 2: Using Firewall (Carrier Grade) NAT features in a declaration
- 3: Securing SSH traffic with the SSH Proxy
- 4: Using reject and accept-decisively actions and VLAN source in a firewall rule
- 5: Creating Protocol Inspection profiles
- 5: Setting Maximum Bandwidth on a virtual with AFM
Application Security¶
- Application Security
- 1: Virtual service referencing an existing security policy
- 2: Virtual service referencing an external security policy
- 3: Endpoint policy with default rule to disable WAF
- 4: Endpoint policy with SSL SNI Match conditions and HTTP action
- 5: Using a Security log profile with Application Security
- 6: Using Persist Actions in an Endpoint Policy
- 7: Changing the enforcement mode of a WAF policy retrieved from a URL
- 8: Using an Anti-Fraud (FPS) profile in a declaration
- 9: Defining server technologies in a WAF policy
- 10: Disabling an attack signature in a WAF policy
- 11: Using negative string conditions in Endpoint policies
- 12: Adding Basic Auth when retrieving a WAF policy from a URL
DOS Protection¶
Policy Enforcement¶
Health Monitors¶
Profiles¶
- Profiles
- 1: Creating an HTTP Analytics profile in a declaration
- 2: Using an Analytics profile with a Capture filter
- 3: Using a Multiplex (OneConnect) profile in a declaration
- 4: Using existing FTP and SIP profiles in a declaration
- 5: Using a Traffic Log profile in a declaration
- 6: Using a WebSocket profile in a declaration
- 7: Using a Rewrite profile in a declaration
- 8: Using a DoS profile in a declaration
- 9: Using a DoS profile for Mobile Defense
- 10: Using a HTTP Acceleration profile in a declaration
- 11: Using a Security log profile with Application Security
- 12: Using a Stream profile in a declaration
- 13: Creating an FTP profile in a declaration
- 14: Referencing existing iRules LX Profiles
- 15: Using the HTTP/2 profile in a declaration
- 16: Referencing an existing RTSP profile in a declaration
- 17: Creating a TCP Analytics profile in a declaration
- 18: Referencing a PPTP profile in a declaration
- 19: Configuring SCTP services and referencing SCTP profiles in a declaration
- 20: Referencing Request and Response Adapt profiles in a declaration
- 21: Referencing existing ICAP profiles in a declaration
Service Discovery¶
- Service Discovery
- Requirements for using Service Discovery
- 1: Using Service Discovery to automatically populate a pool
- 2: Using remote Service Discovery to automatically populate a pool with BIG-IP VE anywhere
- 3: Using remote Service Discovery and sending the declaration to a remote BIG-IP
- 4: Using an FQDN pool to identify pool members
- 5: Event-Driven Service Discovery
- 6: Service Discovery using HashiCorp Consul
- 7: Service Discovery using HashiCorp Consul and CA Certificates
- 8: Service Discovery using HashiCorp Consul without certificate validation
- 9: Service Discovery for virtual servers in GSLB Servers
- 10: Event-Driven and Static Service Discovery in one declaration
- 11: Service Discovery using HashiCorp Consul for a specific service
Miscellaneous Declarations¶
- Miscellaneous declarations
- 1: Using PATCH to add a new Application to a Tenant
- 2: Using the Service_Generic class
- 3: Using Metadata in a declaration
- 4: Virtual service allowing only specific VLANs
- 5: Advertising a route for a Service Address
- 6: Using Clone Pools in a declaration
- 7: Sending multiple declarations in a single request (container)
- 8: Sending multiple declarations in a single request (BIG-IQ)
- 9: Using Splunk as a log destination
- 10: Using shareNodes to reuse nodes across tenants
- 11: Using the include property to reference one section of a declaration in another section
- 12: Using both a source and destination address for a virtual service
- 13: Creating an internal virtual service
- 14: Configuring virtual address settings while using Source address filtering
- 15: Referencing pools and iRules in a declaration
- 16: Using the userAgent Controls property
- 17: Using traceResponse to enable traces in AS3 responses