Yongbok Kim ruo91
@ruo91
ruo91 / f5-big-ip-block-ips.md
Last active October 21, 2024 07:35
F5 BIG-IP - Block Specific IPs in an Environment Using Cloudflare in Proxied Mode

1. Create iRules

when HTTP_REQUEST {
    # Set a default empty client_ip variable
    set client_ip ""

    # Check if X-Forwarded-For header exists and use the first IP in the list (if it exists)
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set xff_header [HTTP::header "X-Forwarded-For"]
        set client_ip [getfield $xff_header "," 1]  ;# X-Forwarded-For may contain multiple IPs, so take the first one
@ruo91
ruo91 / f5-big-ip-blocking-dynamic-files-brute-force-attacks.md
Last active October 6, 2024 03:15
F5 BIG-IP - Automatic blocking script for dynamic files brute force attacks

1. iRules

when HTTP_REQUEST {
    # Define the list of domains to block
    set blocked_domains { "your-domain01" "your-domain02" }

    # Get the Host header value
    set host_header [HTTP::host]

    # Define the list of dynamic page extensions to block
@ruo91
ruo91 / f5-big-ip-blocking-usser-agent.md
Last active October 3, 2024 01:32
F5 BIG-IP - Blocking User-Agent

1. iRules

when HTTP_REQUEST {
    # Extract the User-Agent header value from the HTTP request
    set user_agent [HTTP::header "User-Agent"]

    # Check the User-Agent against the Data Group
    if { [class match $user_agent contains blocked-user-agents] } {
        # If a blocked User-Agent is found, return a 403 error page
        HTTP::respond 403 content {
@ruo91
ruo91 / f5-big-ip-defense-csrf-ssrf-cors.md
Last active October 1, 2024 06:10
F5 BIG-IP - Automatic blocking script for CSRF, SSRF, and CORS attacks

1. iRules

when HTTP_REQUEST {
    # Extract the list of client IPs from the X-Forwarded-For header
    set xff [HTTP::header "X-Forwarded-For"]
    set xff_count [llength [split $xff ","]]

    # Check the number of IP addresses in the X-Forwarded-For header
    if { $xff_count == 3 } {
        log local0. "X-Forwarded-For has 3 entries: $xff"
@ruo91
ruo91 / f-stack-igb_uio.ko-undefined.md
Last active May 26, 2024 02:59
F-Stack - ERROR: modpost: "__uio_register_device" [/data/f-stack/dpdk/build/kernel/linux/igb_uio/igb_uio.ko] undefined!

When building F-Stack on Gentoo Linux, if the build reports that the igb_uio.ko module is missing,
enable Userspace I/O drivers in the Linux kernel and rebuild to resolve it.

- Related log

[2902/2906] Generating kernel/linux/igb_uio/igb_uio with a custom command
FAILED: kernel/linux/igb_uio/igb_uio.ko
/usr/bin/make -C /lib/modules/6.7.0-gentoo/build M=/data/f-stack/dpdk/build/kernel/linux/igb_uio src=/data/f-stack/dpdk/kernel/linux/igb_uio EXTRA_CFLAGS=-I/data/f-stack/dpdk/kernel/linux/igb_uio/../../../lib/librte_eal/include modules
make: Entering directory '/usr/src/linux-6.7.0-gentoo'
  MODPOST /data/f-stack/dpdk/build/kernel/linux/igb_uio/Module.symvers
@ruo91
ruo91 / k8s-bigip-ctlr.md
Created April 25, 2024 22:53
F5 Container Ingress Services - F5BigIpCtlr
Usage of /app/bin/k8s-bigip-ctlr.real
  Global:
      --cccl-log-level string            Optional, logging level for cccl
      --controller-mode string           Optional, to put the controller to process desired resources.
      --custom-resource-mode             Optional, When set to true, controller processes only F5 Custom Resources.
      --default-route-domain int         Optional, CIS uses this value as default Route Domain in BIG-IP 
      --disable-teems                    Optional, flag to disable sending telemetry data to TEEM
      --enable-ipv6                      Optional, flag to enbale ipv6 network support.
      --extended-spec-configmap string   Required, specify a configmap that holds additional spec for controller. It's a required parameter if controller-mode is 'openshift'
@ruo91
ruo91 / ocp46-etcd-manual-runing.md
Created February 1, 2024 14:25
Manual Method for Running ETCD Version 3.4.9 Based in an OpenShift 4.6 Environment

- Cluster Node #1

$ etcd \
--data-dir '/var/lib/etcd' \
--wal-dir '/var/lib/etcd/member/wal' \
--initial-advertise-peer-urls=https://192.168.0.81:2380 \
--cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-serving/etcd-serving-master01.ocp46.local.crt \
--key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-serving/etcd-serving-master01.ocp46.local.key \
--trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-serving-ca/ca-bundle.crt \
--client-cert-auth=true \
@ruo91
ruo91 / gist:a062b1956c5e76d8ebf0557b527cd4d6
Created October 22, 2023 08:01
CustomResourceDefinition - AgentServiceConfig
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: "2023-10-21T15:18:54Z"
  generation: 1
  name: agentserviceconfigs.agent-install.openshift.io
  resourceVersion: "49197"
  uid: 5364102b-9370-4f0e-96ce-3bf3ffa24207
@ruo91
ruo91 / openshift-vcenter-role.ps1
Last active September 26, 2023 04:01
OpenShift on vSphere - Create vCenter Role (PowerShell)
<#
.SYNOPSIS
openshift-vcenter-role.ps1 - PowerShell script to create new vCenter roles aligned with the prereqs for the OpenShift Container Platform install.
.DESCRIPTION
This script is used to create new roles on your vCenter server.
The newly created role will be filled with the needed permissions for installing OpenShift Container Platform using the IPI Method.
The permissions are based on the documentation found here: https://docs.openshift.com/container-platform/4.13/installing/installing_vsphere/installing-vsphere-installer-provisioned.html
.OUTPUTS
Results are printed to the console.
.NOTES
@ruo91
ruo91 / systemd-utils-253.8.ebuild
Created August 13, 2023 02:46
Gentoo Linux - Fixing the sys-apps/systemd-utils meson build error when using the GCC -Ofast optimization option
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
QA_PKGCONFIG_VERSION=$(ver_cut 1)
inherit bash-completion-r1 flag-o-matic linux-info meson-multilib python-any-r1
inherit secureboot toolchain-funcs udev usr-ldscript