HTTP Services

This section contains examples of declarations that create HTTP and/or HTTP services.

Use the index on the right to locate specific examples.

Important

Most of the example declarations have been updated in the documentation for BIG-IP AS3 3.20 to remove any template that was specified, and rename any virtual services that used the name serviceMain to service. In BIG-IP AS3 3.20, the generic template is the default, which allows services to use any name.

This also means that many of these declarations on a version prior to 3.20 they will fail unless you add a template. See this FAQ entry and this Troubleshooting entry for more information.

HTTP with custom persistence

In this example, we create a simple HTTP service, which uses the BIG-IP AS3 pointer use to declare a custom persistence profile.

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_01.

  • An HTTP virtual server named service (called _A1 in the BIG-IP GUI).

  • A pool named web_pool containing two members using the HTTP health monitor.

  • A custom persistence profile based on cookie persistence for JSESSIONID.

    {
      "class": "AS3",
      "action": "deploy",
      "persist": true,
      "declaration": {
        "class": "ADC",
        "schemaVersion": "3.0.0",
        "id": "fghijkl7890",
        "label": "Sample 1",
        "remark": "HTTP with custom persistence",
        "Sample_http_01": {
          "class": "Tenant",
          "A1": {
            "class": "Application",
            "service": {
              "class": "Service_HTTP",
              "virtualAddresses": [
                "10.0.6.10"
              ],
              "pool": "web_pool",
              "persistenceMethods": [{
                "use": "jsessionid"
              }]
            },
            "web_pool": {
              "class": "Pool",
              "monitors": [
                "http"
              ],
              "members": [{
                "servicePort": 80,
                "serverAddresses": [
                  "192.0.6.10",
                  "192.0.6.11"
                ]
              }]
            },
            "jsessionid": {
              "class": "Persist",
              "persistenceMethod": "cookie",
              "cookieMethod": "hash",
              "cookieName": "JSESSIONID"
            }
          }
        }
      }
    }
    

Back to top


HTTP with no compression, BIG-IP TCP profile, iRule for pool

In this example, we create separate internal and external pools, and use an iRule to direct traffic based on the IP address of the client. This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_02.
  • Virtual server (HTTP) named service (called _A1 in the BIG-IP GUI).
  • A TCP profile using the mptcp-mobile-optimized parent. This bigip keyword exists in the TCP profile section schema and tells the system to look for the pathname of an existing TCP profile.
  • Two pools named dfl_pool and pvt_pool, each with 2 members monitored by the default HTTP health monitor.
  • An iRule which sends internal users to a private pool based on their IP address.
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "urn:uuid:a858e55e-bbe6-42ce-a9b9-0f4ab33e3bf7",
    "label": "Sample 2",
    "remark": "HTTP with no compression, BIG-IP tcp profile, iRule for pool",
    "constants": {
      "myNotes": "F5 suggested I timestamp declarations, so...",
      "timestamp": "2017-11-27T18:26:45Z",
      "anotherProperty": "And I can put anything I want here...",
      "someUsefulNumber": 3.14159265
    },
    "Sample_http_02": {
      "class": "Tenant",
      "A1": {
        "class": "Application",
        "service": {
          "class": "Service_HTTP",
          "virtualAddresses": [
            "10.0.3.10"
          ],
          "pool": "dfl_pool",
          "profileHTTPCompression": "basic",
          "iRules": [
            "choose_pool"
          ],
          "profileTCP": {
            "bigip": "/Common/mptcp-mobile-optimized"
          }
        },
        "dfl_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.3.10",
              "192.0.3.11"
            ]
          }]
        },
        "pvt_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.3.20",
              "192.0.3.21"
            ]
          }]
        },
        "choose_pool": {
          "class": "iRule",
          "remark": "choose private pool based on IP",
          "iRule": "when CLIENT_ACCEPTED {\nif {[IP::client_addr] starts_with \"10.\"} {\n pool `*pvt_pool`\n }\n}"
        }
      }
    }
  }
}

Back to top

HTTP with additional virtual service for corporate clients

This example shows how you can create a declaration with two virtual services, one that could be used for clients on the corporate LAN for example.

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_03.
  • Two HTTP virtual servers named service (called _A1 in the BIG-IP GUI) and pvt_vs.
  • A pool named web_pool containing two members using the HTTP health monitor. Both virtual servers reference this pool.
  • A custom persistence profile based on cookie persistence for JSESSIONID.
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "urn:uuid:76f06c5a-b673-430d-8df4-d817cb3b9f3c",
    "label": "Sample 3",
    "remark": "HTTP with extra corp-only virtual",
    "controls": {
      "trace": true
    },
    "Sample_http_03": {
      "class": "Tenant",
      "A1": {
        "class": "Application",
        "service": {
          "class": "Service_HTTP",
          "virtualAddresses": [
            "10.0.7.10"
          ],
          "pool": "web_pool",
          "persistenceMethods": [{
            "use": "jsessionid"
          }]
        },
        "pvt_vs": {
          "class": "Service_HTTP",
          "remark": "Serves corporate LAN clients only",
          "virtualAddresses": [
            [
              "10.1.7.10",
              "10.0.0.0/8"
            ]
          ],
          "snat": "auto",
          "pool": "web_pool"
        },
        "web_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.7.10",
              "192.0.7.11"
            ]
          }]
        },
        "jsessionid": {
          "class": "Persist",
          "persistenceMethod": "cookie",
          "cookieMethod": "hash",
          "cookieName": "JSESSIONID"
        }
      }
    }
  }
}

Back to top


HTTP and HTTPS virtual services in one declaration

This example shows how you can create an HTTP and HTTPS virtual service in the same declaration.

Note

The example declaration has been updated with the BIG-IP AS3 3.24 release to include a chainCA (a bundle of one or more CA certificates in trust-chain from root CA to certificate).

This example creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_04.
  • An HTTP virtual server named service (called _A1 in the BIG-IP GUI) and an HTTPS virtual server named A2.
  • A pool named gce_pool and a pool named web_pool, each containing two members using the HTTP health monitor.
  • TLS/SSL profile (that references a Certificate class) named TLS_Server. In the BIG-IP UI, this is a Client SSL profile.
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "lmnop543421",
    "label": "Sample 4",
    "remark": "An HTTP and an HTTPS application",
    "controls": {
      "trace": true
    },
    "Sample_http_04": {
      "class": "Tenant",
      "A1": {
        "class": "Application",
        "service": {
          "class": "Service_HTTP",
          "virtualAddresses": [
            "10.0.9.10"
          ],
          "pool": "gce_pool"
        },
        "gce_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.7.10",
              "192.0.7.11"
            ]
          }]
        }
      },
      "A2": {
        "class": "Application",
        "service": {
          "class": "Service_HTTPS",
          "virtualAddresses": [
            "10.0.9.20"
          ],
          "pool": "web_pool",
          "serverTLS": "webtls"
        },
        "web_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.9.10",
              "192.0.9.11"
            ]
          }]
        },
        "webtls": {
          "class": "TLS_Server",
          "certificates": [{
            "certificate": "webcert"
          }]
        },
        "webcert": {
          "class": "Certificate",
          "remark": "in practice we recommend using a passphrase",
          "certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
          "chainCA": "-----BEGIN CERTIFICATE-----\nMIID9TCCAt2gAwIBAgIJALxQA/NW2bpRMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTELMAkGA1UECgwCRjUxDTALBgNVBAsMBFRlc3QxFzAVBgNVBAMMDnRlc3RfQ0FfYnVuZGxlMSUwIwYJKoZIhvcNAQkBFhZzb21lYm9keUBzb21ld2hlcmUub3JnMB4XDTE4MDIyNzE5MjEyNVoXDTE4MDMyOTE5MjEyNVowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMQswCQYDVQQKDAJGNTENMAsGA1UECwwEVGVzdDEXMBUGA1UEAwwOdGVzdF9DQV9idW5kbGUxJTAjBgkqhkiG9w0BCQEWFnNvbWVib2R5QHNvbWV3aGVyZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjhUZmbwwuMMFTNic73t0mfJ/pyM3BnEs0riv6lbrF5znFKBlAM2pxWBfkQvr92gUwitij7BqMagnR26/C7GcJJNJQGNK482vgSPhUpGeN0t4W71Dv5SpwJN+0do6gV0eXPwvcgA/XZxXqZAePwXTp36YMrNTgw49OWZpHoNXfYCZ+1KUL032RdQ/Ik2wO/UwV0csL1Rwuu2L8/NI9VtrThCAr8dsMsDJ53jDh7xQdP3K2V9NYtAHk66697kk7TpzR1moqTJxSVaPKo2eDuKNke1BRbjYWoamu0hfC5YG6l5P9i8QaVklbtmDcmoLpU9fLVSSW6CWHkrtdifQiCOChAgMBAAGjUDBOMB0GA1UdDgQWBBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAfBgNVHSMEGDAWgBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA9r6+6hGVlQ188l+wLFJ1wI83y27BdtE0ZsZGdFv98qi9kcUm17Z0tprEwypODZ1/syt9b1JhD4RgU30qwgeF4kec8UpoG49UkQImRD3AqfsiYSdjZeBpcpEl3n8lkjKGoVY7GB2lMGoWDxv/1A0CSjVTmWgQSFGHoMtzOW1tCr9yGXVEdy691l7PVC1kK5ekwkO8YbSO6hvV/u83KuUiGcIoY1PIzAK301i9YXWUNxybIVfHregoQ11QzjhfdfpOLBTtW1B4QZqZz8qFGIr1remmQK3ljEcct9bWjMLOx2QYMvk6uRFzh+V5L2UnhldNy5wQYMXRDz6SU3LdTJ2OA\n-----END CERTIFICATE-----",
          "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
          "passphrase": {
            "ciphertext": "ZjVmNQ==",
            "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
          }
        }
      }
    }
  }
}

Back to top


Two applications sharing a pool

In this example, we show a declaration that creates two applications that use the same load balancing pool. In this scenario, one of our virtual servers is for HTTP (port 80) traffic and one for HTTPS (port 443) traffic.

Note

The example declaration has been updated with the BIG-IP AS3 3.24 release to include a chainCA (a bundle of one or more CA certificates in trust-chain from root CA to certificate).

It creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_05.
  • Three virtual servers, one HTTP and one HTTPS. The names are _A1, _A2, and a _A2-Redirect (created by default to redirect port 80 traffic to 443).
  • TLS/SSL profile (including certificate and private key) named TLS_Server. In the BIG-IP UI, this is a Client SSL profile.
  • Pool named dual_pool with 2 members monitored by the default HTTP health monitor. Both virtual servers reference this same pool.
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "zyxwu8675309",
    "label": "Sample 5",
    "remark": "Two applications sharing a pool",
    "Sample_http_05": {
      "class": "Tenant",
      "Shared": {
        "class": "Application",
        "template": "shared",
        "dual_pool": {
          "class": "Pool",
          "monitors": [
            "http"
          ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [
              "192.0.10.10",
              "192.0.10.11"
            ]
          }]
        }
      },
      "A1": {
        "class": "Application",
        "service": {
          "class": "Service_HTTP",
          "virtualAddresses": [
            "10.0.10.10"
          ],
          "pool": "/Sample_http_05/Shared/dual_pool"
        }
      },
      "A2": {
        "class": "Application",
        "service": {
          "class": "Service_HTTPS",
          "virtualAddresses": [
            "10.0.10.20"
          ],
          "pool": "/Sample_http_05/Shared/dual_pool",
          "serverTLS": "webtls"
        },
        "webtls": {
          "class": "TLS_Server",
          "certificates": [{
            "certificate": "webcert"
          }]
        },
        "webcert": {
          "class": "Certificate",
          "remark": "in practice we recommend using a passphrase",
          "certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
          "chainCA": "-----BEGIN CERTIFICATE-----\nMIID9TCCAt2gAwIBAgIJALxQA/NW2bpRMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTELMAkGA1UECgwCRjUxDTALBgNVBAsMBFRlc3QxFzAVBgNVBAMMDnRlc3RfQ0FfYnVuZGxlMSUwIwYJKoZIhvcNAQkBFhZzb21lYm9keUBzb21ld2hlcmUub3JnMB4XDTE4MDIyNzE5MjEyNVoXDTE4MDMyOTE5MjEyNVowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMQswCQYDVQQKDAJGNTENMAsGA1UECwwEVGVzdDEXMBUGA1UEAwwOdGVzdF9DQV9idW5kbGUxJTAjBgkqhkiG9w0BCQEWFnNvbWVib2R5QHNvbWV3aGVyZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjhUZmbwwuMMFTNic73t0mfJ/pyM3BnEs0riv6lbrF5znFKBlAM2pxWBfkQvr92gUwitij7BqMagnR26/C7GcJJNJQGNK482vgSPhUpGeN0t4W71Dv5SpwJN+0do6gV0eXPwvcgA/XZxXqZAePwXTp36YMrNTgw49OWZpHoNXfYCZ+1KUL032RdQ/Ik2wO/UwV0csL1Rwuu2L8/NI9VtrThCAr8dsMsDJ53jDh7xQdP3K2V9NYtAHk66697kk7TpzR1moqTJxSVaPKo2eDuKNke1BRbjYWoamu0hfC5YG6l5P9i8QaVklbtmDcmoLpU9fLVSSW6CWHkrtdifQiCOChAgMBAAGjUDBOMB0GA1UdDgQWBBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAfBgNVHSMEGDAWgBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA9r6+6hGVlQ188l+wLFJ1wI83y27BdtE0ZsZGdFv98qi9kcUm17Z0tprEwypODZ1/syt9b1JhD4RgU30qwgeF4kec8UpoG49UkQImRD3AqfsiYSdjZeBpcpEl3n8lkjKGoVY7GB2lMGoWDxv/1A0CSjVTmWgQSFGHoMtzOW1tCr9yGXVEdy691l7PVC1kK5ekwkO8YbSO6hvV/u83KuUiGcIoY1PIzAK301i9YXWUNxybIVfHregoQ11QzjhfdfpOLBTtW1B4QZqZz8qFGIr1remmQK3ljEcct9bWjMLOx2QYMvk6uRFzh+V5L2UnhldNy5wQYMXRDz6SU3LdTJ2OA\n-----END CERTIFICATE-----",
          "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
          "passphrase": {
            "ciphertext": "ZjVmNQ==",
            "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"
          }
        }
      }
    }
  }
}

Back to top


Virtual server listening on multiple ports on the same address

This example shows how you can compose a declaration with services using the same virtual IP address, but using multiple ports.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_07.
  • Three virtual servers: service, service_on_port81, and service_on_port82, all using the same IP address (10.1.10.10), but listening on different ports.
  • Three pools: web_pool80, web_pool81, and web_pool82, all monitored by the default http health monitor.
{
    "class": "ADC",
    "schemaVersion": "3.2.0",
    "id": "8675309",
    "Sample_http_07": {
        "class": "Tenant",
        "A1": {
            "class": "Application",
            "service": {
                "class": "Service_HTTP",
                "remark": "Defaults to port 80",
                "virtualAddresses": [
                    "10.1.10.10"
                ],
                "pool": "web_pool80"
            },
            "web_pool80": {
                "class": "Pool",
                "monitors": [
                    "http"
                ],
                "members": [
                    {
                        "servicePort": 80,
                        "serverAddresses": [
                            "10.128.0.209"
                        ]
                    }
                ]
            },
            "service_on_port81": {
                "class": "Service_HTTP",
                "remark": "Accepts HTTP connections on port 81",
                "virtualPort": 81,
                "virtualAddresses": [
                    "10.1.10.10"
                ],
                "pool": "web_pool81"
            },
            "web_pool81": {
                "class": "Pool",
                "monitors": [
                    "http"
                ],
                "members": [
                    {
                        "servicePort": 81,
                        "serverAddresses": [
                            "10.128.0.210"
                        ]
                    }
                ]
            },
            "service_on_port82": {
                "class": "Service_HTTP",
                "remark": "Accepts HTTP connections on port 82",
                "virtualAddresses": [
                    "10.1.10.10"
                ],
                "virtualPort": 82,
                "pool": "web_pool82"
            },
            "web_pool82": {
                "class": "Pool",
                "monitors": [
                    "http"
                ],
                "members": [
                    {
                        "servicePort": 82,
                        "serverAddresses": [
                            "10.128.0.211"
                        ]
                    }
                ]
            }
        }
    }
}

Back to top


Using a Local Traffic Policy to forward HTTP Requests

This example uses a BIG-IP Local Traffic Policy with URL Routing that forwards any HTTP requests that have a path containing example.com to the pool web_pool. For more information, see Local Traffic Policy in the BIG-IP documentation. For usage, see Endpoint_Policy in Schema Reference.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_http_08.
  • A virtual server named service.
  • A pool named web_pool monitored by the default http health monitor.
  • A BIG-IP Local Traffic Policy with a rule that forwards any request for example.com to the web_pool.
{
  "class": "ADC",
  "schemaVersion": "3.2.0",
  "id": "ltm_policy",
  "label": "",
  "remark": "Simple HTTP application with LTM policy",
  "Sample_http_08": {
    "class": "Tenant",
    "A1": {
      "class": "Application",
      "service": {
        "class": "Service_HTTP",
        "virtualAddresses": [
          "10.0.1.10"
        ],
        "policyEndpoint": "forward_policy"
      },
      "web_pool": {
        "class": "Pool",
        "monitors": [
          "http"
        ],
        "members": [{
          "servicePort": 80,
          "serverAddresses": [
            "192.0.2.10",
            "192.0.2.11"
          ]
        }]
      },
      "forward_policy": {
        "class": "Endpoint_Policy",
        "rules": [{
          "name": "forward_to_pool",
          "conditions": [{
            "type": "httpUri",
            "path": {
              "operand": "contains",
              "values": ["example.com"]
            }
          }],
          "actions": [{
            "type": "forward",
            "event": "request",
            "select": {
              "pool": {
                "use": "web_pool"
              }
            }
          }]
        }]
      }
    }
  }
}

Back to top


Enabling NAT64 in a declaration

This example shows how to enable NAT64 in a BIG-IP AS3 declaration. NAT64 maps IPv6 addresses to IPv4 destinations, and is either enabled or disabled by using nat64Enabled property using true or false values (false is the default). For more information on NAT64, see the IP Address Sharing in Large Scale Networks deployment guide; while this guide was written for older versions of the BIG-IP, the information is still valid. You can also see the Service classes in the Schema Reference, for example Service_HTTP class.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named example_NAT64.
  • A virtual server named service with an IPv6 address and NAT64 enabled.
  • A pool named web_pool monitored by the default http health monitor.
{
    "class": "ADC",
    "schemaVersion": "3.14.0",
    "example_NAT64": {
        "class": "Tenant",
        "App1": {
            "class": "Application",
            "service": {
                "class": "Service_HTTP",
                "virtualAddresses": [
                    "9161:7904:7539:6023:5c73:2b27:50c6:46ce"
                ],
                "pool": "web_pool",
                "nat64Enabled": true
            },
            "web_pool": {
                "class": "Pool",
                "monitors": [
                    "http"
                ],
                "members": [
                    {
                        "servicePort": 80,
                        "serverAddresses": [
                            "192.0.1.10",
                            "192.0.1.11"
                        ]
                    }
                ]
            }
        }
    }
}

Back to top


Configuring an HTTP profile with a Proxy Connect profile

This example shows how to configure an HTTP Profile with a Proxy Connect profile in BIG-IP AS3 3.32 and later. An HTTP Proxy Connect profile enables a BIG-IP device to connect to a remote, down-stream proxy device. There are no configuration settings, it is either enabled or disabled.

When you enable the Proxy Connect profile, BIG-IP AS3 uses the following syntax to name the profile: f5_appsvcs_<Name of HTTP profile>_proxyConnect. In the example declaration, the name of the profile is f5_appsvcs_httpProfile_proxyConnect.

For more information on HTTP Proxy Connect profiles and manual configuration instructions, see the BIG-IP documentation.

For BIG-IP AS3 usage, see HTTP Profile.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Tenant.
  • A virtual server named service that references an HTTP profile.
  • An HTTP profile named httpProfile with proxyConnectEnabled set to true, meaning it is enabled.
{
    "class": "ADC",
    "schemaVersion": "3.31.0",
    "id": "TEST",
    "Tenant": {
        "class": "Tenant",
        "App": {
            "class": "Application",
            "service": {
                "class": "Service_HTTP",
                "virtualPort": 80,
                "virtualAddresses": ["1.2.3.4"],
                "profileHTTP": {
                    "use": "httpProfile"
                }
            },
            "httpProfile": {
                "class": "HTTP_Profile",
                "proxyConnectEnabled": true
            }
        }
    }
}

Back to top


Configuring enforcement properties in an HTTP profile

This example shows how create HTTP profiles that include two enforcement properties introduced in AS3 3.40: allowBlankSpaceAfterHeaderName and enforceRFCCompliance.

The allowBlankSpaceAfterHeaderName property requires BIG-IP 16.1 or later, and specifies whether to allow blank space in an HTTP header between the header name and the separator colon in an HTTP request or response.

The enforceRFCCompliance property requires BIG-IP 15.0 or later, and causes the BIG-IP LTM to perform basic RFC compliance checks as described in the latest RFC for the HTTP protocol. If a client request fails these checks, the connection is reset.

The other properties have been a part of AS3 for a number of releases. See HTTP Profile for all available properties and usage.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Enforcement_Tenant.
  • An Application named Enforcement_Application.
  • A virtual server named service that references one of the HTTP profiles.
  • Three HTTP profiles representing the three proxy types, all using allowBlankSpaceAfterHeaderName and/or enforceRFCCompliance along with a number of additional properties.
{
  "class": "ADC",
  "schemaVersion": "3.40.0",
  "id": "HTTP_PROFILE_ENFORCEMENT_PROPS",
  "Enforcement_Tenant": {
      "class": "Tenant",
      "Enforcement_Application": {
          "class": "Application",
          "service": {
              "class": "Service_HTTP",
              "virtualPort": 80,
              "virtualAddresses": [
                  "1.2.3.4"
              ],
              "profileHTTP": {
                  "use": "httpProfileReverseProxy"
              }
          },
          "httpProfileReverseProxy": {
              "class": "HTTP_Profile",
              "proxyType": "reverse",
              "allowBlankSpaceAfterHeaderName": false,
              "enforceRFCCompliance": false,
              "truncatedRedirects": false,
              "maxHeaderSize": 32768,
              "maxHeaderCount": 64,
              "pipelineAction": "allow",
              "unknownMethodAction": "allow",
              "knownMethods": [
                  "CONNECT",
                  "DELETE",
                  "GET",
                  "HEAD",
                  "LOCK",
                  "OPTIONS",
                  "POST",
                  "PROPFIND",
                  "PUT",
                  "TRACE",
                  "UNLOCK"
              ]
          },
          "httpProfileExplicitProxy": {
              "class": "HTTP_Profile",
              "proxyType": "explicit",
              "resolver": {
                  "bigip": "/Common/f5-aws-dns"
              },
              "allowBlankSpaceAfterHeaderName": false,
              "enforceRFCCompliance": false,
              "truncatedRedirects": false,
              "maxHeaderSize": 32768,
              "maxHeaderCount": 64,
              "pipelineAction": "allow",
              "unknownMethodAction": "allow",
              "knownMethods": [
                  "CONNECT",
                  "DELETE",
                  "GET",
                  "HEAD",
                  "LOCK",
                  "OPTIONS",
                  "POST",
                  "PROPFIND",
                  "PUT",
                  "TRACE",
                  "UNLOCK"
              ]
          },
          "httpProfileTransparentProxy": {
              "class": "HTTP_Profile",
              "proxyType": "transparent",
              "allowBlankSpaceAfterHeaderName": false,
              "truncatedRedirects": false,
              "maxHeaderSize": 16384,
              "oversizeClientHeaders": "pass-through",
              "oversizeServerHeaders": "pass-through",
              "maxHeaderCount": 32,
              "excessClientHeaders": "pass-through",
              "excessServerHeaders": "pass-through",
              "pipelineAction": "allow",
              "unknownMethodAction": "allow",
              "knownMethods": [
                  "CONNECT",
                  "DELETE",
                  "GET",
                  "HEAD",
                  "LOCK",
                  "OPTIONS",
                  "POST",
                  "PROPFIND",
                  "PUT",
                  "TRACE",
                  "UNLOCK"
              ]
          }
      }
  }
}

Back to top