[rancid] rancid not working with partitions v11.x tmsh F5 LTM
Annie Lee
lsy.annie at gmail.com
Tue Feb 10 20:48:56 UTC 2015
Hi Shaun,
After adding the partition bit, there are additional 40k lines added.
(attached are some of them)
Revision *1.10* - (view
<http://192.168.162.32/viewvc/test/configs/staging?hideattic=1&revision=1.10&view=markup>)
(annotate
<http://192.168.162.32/viewvc/test/configs/staging?annotate=1.10&hideattic=1>)
- [select for diffs]
<http://192.168.162.32/viewvc/test/configs/staging?view=log&hideattic=1&r1=1.10>
*Mon Feb 9 22:39:17 2015 UTC* (22 hours, 1 minute ago) by *rancid*
Branch: *MAIN*
<http://192.168.162.32/viewvc/test/configs/staging?view=log&hideattic=1&pathrev=MAIN>
Changes since *1.9: +44759 -0 lines*
Diff to previous 1.9
<http://192.168.162.32/viewvc/test/configs/staging?hideattic=1&r1=1.9&r2=1.10>
updates
So i amended the script to only capture the additional partition rather
than looping and find the available partition in the F5.
*tmsh -q -c "cd /partition_DMZ;list"*
Thanks
On Tue, Feb 10, 2015 at 4:49 PM, Shaun Krok <krok at krok.za.net> wrote:
> Hi there Annie
>
> Good to hear it is working for you
>
> Can you show us what you mean by default config --- i believe this is
> normal but lets see a sample and we can comment
>
> thanks
>
> Shaun
>
>
> On 2015-02-09 23:46, Annie Lee wrote:
>
>> Just checked the diff (with the added partition configs) and it seems
>> to have all unnecessary default configs as well.
>> Is that normal ?
>>
>> On Tue, Feb 10, 2015 at 8:43 AM, Annie Lee <lsy.annie at gmail.com [43]>
>> wrote:
>>
>> Hi Shaun,
>>>
>>> Managed to get the bash script running, missed the double quote on
>>> the script.
>>>
>>> #! /bin/bash
>>> tmsh -q -c "cd /;list recursive"
>>>
>>> Thank you very much...
>>>
>>> On Tue, Feb 10, 2015 at 8:29 AM, Annie Lee <lsy.annie at gmail.com
>>> [42]> wrote:
>>>
>>> Hi Shaun,
>>>>
>>>> Ive wrote a script with the below content to run from the F5, but
>>>> error out..(hence it wont be successful from rancid)
>>>>
>>>> #!/bin/bash
>>>> tmsh -q -c cd / ;list recursive
>>>>
>>>> Thanks
>>>>
>>>> On Mon, Feb 9, 2015 at 7:15 PM, Shaun Krok <krok at krok.za.net [41]>
>>>> wrote:
>>>>
>>>> On 2015-02-08 23:16, Annie Lee wrote:
>>>>>
>>>>> Hi Shaun,
>>>>>>
>>>>>> Sorry. im new to this scripting and hope you dont mind me
>>>>>> asking more
>>>>>> on the bash thingy.
>>>>>>
>>>>>> 1) create a file under root privilege with the below contents
>>>>>> : (root
>>>>>> for the F5 or the rancid box) ? on the F5
>>>>>>
>>>>>> #!/bin/bash
>>>>>> tmsh -q -c cd / ;list recursive
>>>>>>
>>>>>> 2) how do i call that via rancid ?
>>>>>>
>>>>>> _{TMSH -Q LIST => WRITETERMTMSH},_
>>>>>>
>>>>>
>>>>> SNIP from the f5rancid script
>>>>>
>>>>> # Main
>>>>> # bigpipe commands, BIGIP v9 and v10
>>>>> @bigpipe_commandtable = (
>>>>> {bigpipe version => ShowVersion},
>>>>> {bigpipe platform => ShowPlatform},
>>>>> {cat /config/bigip.license => ShowLicense},
>>>>> {bigpipe monitor list all => ShowMonitor},
>>>>> {bigpipe profile list => ShowProfile},
>>>>> {bigpipe base list => ShowBaseRun},
>>>>> {bigpipe db show => ShowDb},
>>>>> {bigpipe route static show => ShowRouteStatic},
>>>>> #{ls --full-time --color=never /config/ssl/ssl.crt =>
>>>>> ShowSslCrt},
>>>>> #{ls --full-time --color=never /config/ssl/ssl.key =>
>>>>> ShowSslKey},
>>>>> {bigpipe list => WriteTermBIGPIPE}
>>>>> );
>>>>> # tmsh commands, BIGIP v11
>>>>> @tmsh_commandtable = (
>>>>> {tmsh show /sys version => ShowVersion},
>>>>> {tmsh show /sys hardware => ShowHardware},
>>>>> {tmsh show /sys license => ShowLicense},
>>>>> #{cat /config/ZebOS.conf => ShowZebOSconf},
>>>>> #{lsof -i :179 => ShowZebOSsockets},
>>>>> {tmsh show /net route static => ShowRouteStatic},
>>>>> #{ls --full-time --color=never /config/ssl/ssl.crt =>
>>>>> ShowSslCrt},
>>>>> #{ls --full-time --color=never /config/ssl/ssl.key =>
>>>>> ShowSslKey},
>>>>> #{tmsh -q list => WriteTermTMSH},
>>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH},
>>>>> {./f5part => WriteTermTMSH},
>>>>>
>>>>> Yes, my rancid is working good with the common partitions..
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> On Sat, Feb 7, 2015 at 5:51 AM, Shaun Krok
>>>>>> <Shaun.Krok at 888holdings.com [20]
>>>>>> [20]> wrote:
>>>>>>
>>>>>> Thanks John --- this worked
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Much appreciated
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Shaun
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> FROM: John Kougoulos [mailto:john.kougoulos at gmail.com [15]
>>>>>>> [15]]
>>>>>>> SENT: Wednesday, February 04, 2015 12:57 PM
>>>>>>> TO: Shaun Krok
>>>>>>>
>>>>>>> CC: rancid-discuss at shrubbery.net [16] [16]
>>>>>>> SUBJECT: Re: [rancid] rancid not working with partitions
>>>>>>> v11.x tmsh
>>>>>>> F5 LTM
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I had a similar problem with the width of the terminal, so
>>>>>>> when the
>>>>>>> device was out of sync, the prompt was becoming longer and
>>>>>>> some of
>>>>>>> the commands failed to be parsed.
>>>>>>>
>>>>>>> I had to change in f5rancid the line:
>>>>>>> $ENV{TERM} = "vt100";
>>>>>>>
>>>>>>> to:
>>>>>>> $ENV{TERM} = "vt100-w";
>>>>>>>
>>>>>>> Regards,
>>>>>>> John
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Feb 4, 2015 at 8:33 AM, Shaun Krok
>>>>>>> <Shaun.Krok at 888holdings.com [17] [17]> wrote:
>>>>>>>
>>>>>>> Hi there
>>>>>>>>
>>>>>>>> I was hoping someone had come across this issue.
>>>>>>>>
>>>>>>>> We are using Rancid to collect diffs from our BIG-IP
>>>>>>>> clusters
>>>>>>>> (as per bash script below)
>>>>>>>> It works really well but are now facing an issue for
>>>>>>>> reason
>>>>>>>> unknown that when the cluster is not synced the rancid
>>>>>>>> fails and
>>>>>>>> reports fetcher issues.
>>>>>>>> If I run the bash script below manually on each device it
>>>>>>>> works
>>>>>>>> without issue.
>>>>>>>> As soon the cluster is synced it works fine ..
>>>>>>>>
>>>>>>>> It appears that TMSH is not allowing the script to work
>>>>>>>> but it
>>>>>>>> works fine if I run it manually on the BIG-IP
>>>>>>>>
>>>>>>>> What could be the problem ?
>>>>>>>>
>>>>>>>> Thank you
>>>>>>>>
>>>>>>>> Shaun
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Rancid-discuss
>>>>>>>> [mailto:rancid-discuss-bounces at shrubbery.net [1]
>>>>>>>> [1]] On Behalf Of Shaun Krok
>>>>>>>> Sent: Monday, October 13, 2014 8:13 AM
>>>>>>>> To: Mick ORourke
>>>>>>>> Cc: rancid-discuss at shrubbery.net [2] [2]
>>>>>>>> Subject: Re: [rancid] rancid not working with partitions
>>>>>>>> v11.x
>>>>>>>> tmsh F5 LTM
>>>>>>>>
>>>>>>>> Thank your for the reply ---
>>>>>>>>
>>>>>>>> i have created a bash script on the F5 and it works
>>>>>>>> creating a
>>>>>>>> test.file with all the config
>>>>>>>> the file is in /root/f5part
>>>>>>>>
>>>>>>>> #!/bin/bash
>>>>>>>> tmsh -q -c cd / ;list recursive
>>>>>>>>
>>>>>>>> how do i call from f5rancid or do i have this all wrong ?
>>>>>>>>
>>>>>>>> {tmsh -q list => WriteTermTMSH},
>>>>>>>> #{tmsh -q -c /"cd /;list recursive"/ => WriteTermTMSH},
>>>>>>>>
>>>>>>>> On 2014-10-13 06:13, Mick ORourke wrote:
>>>>>>>> > We found easiestquickest way to modify rancid-f5 - post
>>>>>>>> 11.x
>>>>>>>> version
>>>>>>>> > checkdetect, call a bash script under /root/bin which
>>>>>>>> runs
>>>>>>>> "tmsh -q
>>>>>>>> > -c
>>>>>>>> > cd / ;list recursive" working around the rancid
>>>>>>>> limitationerrors that
>>>>>>>> > resulted when cd / ;list recursive was added to
>>>>>>>> rancid-f5
>>>>>>>> itself.
>>>>>>>> >
>>>>>>>> > On 12 October 2014 15:27, Shaun Krok <krok at krok.za.net
>>>>>>>> [3] [3] [4]>
>>>>>>>>
>>>>>>>> wrote:
>>>>>>>> >
>>>>>>>> >> Hi
>>>>>>>> >>
>>>>>>>> >> I am busy to integrate Rancid into our network and
>>>>>>>> have an
>>>>>>>> issue
>>>>>>>> >> with partitions on BIG IP LTM v11.x
>>>>>>>> >> All works fine but Rancid does not backup all
>>>>>>>> partitions …
>>>>>>>> >> I am using the script from GIT with TMSH commands
>>>>>>>> >>
>>>>>>>> >> This command work from bash : tmsh -q -c "cd /; list
>>>>>>>> recursive" but
>>>>>>>> >> does not from the script ..
>>>>>>>> >>
>>>>>>>> >> This is a snip from the forum where the issue was
>>>>>>>> identified
>>>>>>>> but is
>>>>>>>> >> anyone aware if there is a fix :
>>>>>>>> >>
>>>>>>>> >> Thanks
>>>>>>>> >>
>>>>>>>> >> Shaun
>>>>>>>> >>
>>>>>>>> >> here is a working tmsh version in the rancid git repo.
>>>>>>>> >>
>>>>>>>> >> The only thing that doesnt work when adjusting the
>>>>>>>> script to
>>>>>>>> list
>>>>>>>> >> all
>>>>>>>> >> partition co config is a tmsh -q -c "cd /; list
>>>>>>>> recursive" -
>>>>>>>> it
>>>>>>>> >> errors out
>>>>>>>> >> due to extra double quotes required by the -c option.
>>>>>>>> >> On Dec 6, 2012 8:57 PM, "Darius Seroka" <dariusjs at
>>>>>>>> gmail.com [4]
>>>>>>>> [4] [1]>
>>>>>>>> >> wrote:
>>>>>>>> >>
>>>>>>>> >> Shaun Krok
>>>>>>>> >> Network Team
>>>>>>>> >>
>>>>>>>> >> --
>>>>>>>> >> Shaun Krok
>>>>>>>> >> Tel: 050 2424 381
>>>>>>>> >> _______________________________________________
>>>>>>>> >> Rancid-discuss mailing list
>>>>>>>> >> Rancid-discuss at shrubbery.net [5] [5] [2]
>>>>>>>> >>
>>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>>>> [6] [6]
>>>>>>>> [3]
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Links:
>>>>>>>> > ------
>>>>>>>> > [1] http://gmail.com [7] [7]
>>>>>>>> > [2] mailto:Rancid-discuss at shrubbery.net [8] [8]
>>>>>>>> > [3]
>>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>>>> [9]
>>>>>>>> [9]
>>>>>>>> > [4] mailto:krok at krok.za.net [10] [10]
>>>>>>>>
>>>>>>>> --
>>>>>>>> Shaun Krok
>>>>>>>> Tel: 050 2424 381
>>>>>>>> _______________________________________________
>>>>>>>> Rancid-discuss mailing list
>>>>>>>> Rancid-discuss at shrubbery.net [11] [11]
>>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>>>> [12] [12]
>>>>>>>>
>>>>>>>>
>>>>>>>> This email message and its attachments are for the sole
>>>>>>>> use of the
>>>>>>>> intended recipient(s) and may not be shared with any
>>>>>>>> other party.
>>>>>>>> They may contain confidential information of 888 Holdings
>>>>>>>> plc or
>>>>>>>> its direct and indirect subsidiaries (together, the
>>>>>>>> “888
>>>>>>>> Group”) and are to be regarded as confidential
>>>>>>>> information under
>>>>>>>> any non-disclosure agreement. Any review, use, disclosure
>>>>>>>> or
>>>>>>>> distribution by persons or entities other than the
>>>>>>>> intended
>>>>>>>> recipient(s) is prohibited. Nothing in this message is
>>>>>>>> capable of
>>>>>>>> or intended to create any legally binding obligation. The
>>>>>>>> 888
>>>>>>>> Group will only ever assume a legally binding obligation
>>>>>>>> where
>>>>>>>> recorded in a written agreement duly executed by the
>>>>>>>> authorized
>>>>>>>> signatories of the relevant 888 Group company. The 888
>>>>>>>> Group
>>>>>>>> accepts no liability for any personal views expressed in
>>>>>>>> this
>>>>>>>> message. If you are not the intended recipient, please
>>>>>>>> contact the
>>>>>>>> sender by return and destroy all copies of the original
>>>>>>>> message
>>>>>>>> and its attachments. Thank you
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Rancid-discuss mailing list
>>>>>>>> Rancid-discuss at shrubbery.net [13] [13]
>>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>>>> [14] [14]
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> This email message and its attachments are for the sole use
>>>>>>> of the
>>>>>>> intended recipient(s) and may not be shared with any other
>>>>>>> party.
>>>>>>> They may contain confidential information of 888 Holdings
>>>>>>> plc or its
>>>>>>> direct and indirect subsidiaries (together, the “888
>>>>>>> Group”) and
>>>>>>> are to be regarded as confidential information under any
>>>>>>> non-disclosure agreement. Any review, use, disclosure or
>>>>>>> distribution by persons or entities other than the intended
>>>>>>> recipient(s) is prohibited. Nothing in this message is
>>>>>>> capable of or
>>>>>>> intended to create any legally binding obligation. The 888
>>>>>>> Group
>>>>>>> will only ever assume a legally binding obligation where
>>>>>>> recorded in
>>>>>>> a written agreement duly executed by the authorized
>>>>>>> signatories of
>>>>>>> the relevant 888 Group company. The 888 Group accepts no
>>>>>>> liability
>>>>>>> for any personal views expressed in this message. If you
>>>>>>> are not the
>>>>>>> intended recipient, please contact the sender by return and
>>>>>>> destroy
>>>>>>> all copies of the original message and its attachments.
>>>>>>> Thank you
>>>>>>> _______________________________________________
>>>>>>> Rancid-discuss mailing list
>>>>>>> Rancid-discuss at shrubbery.net [18] [18]
>>>>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>>> [19] [19]
>>>>>>>
>>>>>>
>>>>>> Links:
>>>>>> ------
>>>>>> [1] mailto:rancid-discuss-bounces at shrubbery.net [21]
>>>>>> [2] mailto:rancid-discuss at shrubbery.net [22]
>>>>>> [3] mailto:krok at krok.za.net [23]
>>>>>> [4] http://gmail.com [24]
>>>>>> [5] mailto:Rancid-discuss at shrubbery.net [25]
>>>>>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>> [26]
>>>>>> [7] http://gmail.com [27]
>>>>>> [8] mailto:Rancid-discuss at shrubbery.net [28]
>>>>>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>> [29]
>>>>>> [10] mailto:krok at krok.za.net [30]
>>>>>> [11] mailto:Rancid-discuss at shrubbery.net [31]
>>>>>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>> [32]
>>>>>> [13] mailto:Rancid-discuss at shrubbery.net [33]
>>>>>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>> [34]
>>>>>> [15] mailto:john.kougoulos at gmail.com [35]
>>>>>> [16] mailto:rancid-discuss at shrubbery.net [36]
>>>>>> [17] mailto:Shaun.Krok at 888holdings.com [37]
>>>>>> [18] mailto:Rancid-discuss at shrubbery.net [38]
>>>>>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>>>>> [39]
>>>>>> [20] mailto:Shaun.Krok at 888holdings.com [40]
>>>>>>
>>>>>
>>>>> --
>>>>> Shaun Krok
>>>>> Tel: 050 2424 381
>>>>>
>>>>
>>
>>
>> Links:
>> ------
>> [1] mailto:rancid-discuss-bounces at shrubbery.net
>> [2] mailto:rancid-discuss at shrubbery.net
>> [3] mailto:krok at krok.za.net
>> [4] http://gmail.com
>> [5] mailto:Rancid-discuss at shrubbery.net
>> [6] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [7] http://gmail.com
>> [8] mailto:Rancid-discuss at shrubbery.net
>> [9] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [10] mailto:krok at krok.za.net
>> [11] mailto:Rancid-discuss at shrubbery.net
>> [12] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [13] mailto:Rancid-discuss at shrubbery.net
>> [14] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [15] mailto:john.kougoulos at gmail.com
>> [16] mailto:rancid-discuss at shrubbery.net
>> [17] mailto:Shaun.Krok at 888holdings.com
>> [18] mailto:Rancid-discuss at shrubbery.net
>> [19] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [20] mailto:Shaun.Krok at 888holdings.com
>> [21] mailto:rancid-discuss-bounces at shrubbery.net
>> [22] mailto:rancid-discuss at shrubbery.net
>> [23] mailto:krok at krok.za.net
>> [24] http://gmail.com
>> [25] mailto:Rancid-discuss at shrubbery.net
>> [26] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [27] http://gmail.com
>> [28] mailto:Rancid-discuss at shrubbery.net
>> [29] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [30] mailto:krok at krok.za.net
>> [31] mailto:Rancid-discuss at shrubbery.net
>> [32] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [33] mailto:Rancid-discuss at shrubbery.net
>> [34] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [35] mailto:john.kougoulos at gmail.com
>> [36] mailto:rancid-discuss at shrubbery.net
>> [37] mailto:Shaun.Krok at 888holdings.com
>> [38] mailto:Rancid-discuss at shrubbery.net
>> [39] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> [40] mailto:Shaun.Krok at 888holdings.com
>> [41] mailto:krok at krok.za.net
>> [42] mailto:lsy.annie at gmail.com
>> [43] mailto:lsy.annie at gmail.com
>>
>
> --
> Shaun Krok
> Tel: 050 2424 381
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150211/3584840e/attachment.html>
-------------- next part --------------
898 ltm monitor dns dns {
899 accept-rcode no-error
900 answer-contains query-type
901 destination *:*
902 interval 5
903 qtype a
904 time-until-up 0
905 timeout 16
906 }
907 ltm monitor external external {
908 destination *:*
909 interval 5
910 time-until-up 0
911 timeout 16
912 }
913 ltm monitor firepass firepass {
914 cipherlist HIGH:!ADH
915 concurrency-limit 95
916 destination *:*
917 interval 5
918 max-load-average 12
919 time-until-up 0
920 timeout 16
921 username gtmuser
922 }
923 ltm monitor ftp ftp {
924 debug no
925 destination *:*
926 interval 10
927 mode passive
928 time-until-up 0
929 timeout 31
930 }
931 ltm monitor gateway-icmp gateway_icmp {
932 destination *:*
933 interval 5
934 time-until-up 0
935 timeout 16
936 }
937 ltm monitor http http {
938 destination *:*
939 interval 5
940 ip-dscp 0
941 send "GET /\r\n"
942 time-until-up 0
943 timeout 16
944 }
1070 ltm monitor nntp nntp {
1071 debug no
1072 destination *:*
1073 interval 5
1074 time-until-up 0
1075 timeout 16
1076 }
1077 ltm monitor none none {
1078 destination *:6666
1079 }
1080 ltm monitor oracle oracle {
1081 count 0
1082 database %node_ip%:%node_port%:
1083 debug no
1084 destination *:*
1085 interval 30
1086 time-until-up 0
1087 timeout 91
1088 }
1089 ltm monitor pop3 pop3 {
1090 debug no
1091 destination *:*
1092 interval 5
1093 time-until-up 0
1094 timeout 16
1095 }
1096 ltm monitor postgresql postgresql {
1097 count 0
1098 debug no
1099 destination *:*
1100 interval 30
1101 time-until-up 0
1102 timeout 91
1103 }
1104 ltm monitor radius radius {
1105 debug no
1106 destination *:*
1107 interval 10
1108 time-until-up 0
1109 timeout 31
1110 }
1111 ltm monitor radius-accounting radius_accounting {
1112 debug no
1113 destination *:*
1114 interval 10
1115 time-until-up 0
1116 timeout 31
1117 }
1118 ltm monitor real-server real_server {
1119 agent "Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)"
1120 command GetServerStats
1121 interval 5
1122 method GET
1123 metrics "ServerBandwidth:1.5, CPUPercentUsage, MemoryUsage, TotalClientCount"
1124 time-until-up 0
1125 timeout 16
1126 }
1127 ltm monitor rpc rpc {
1128 debug no
1129 destination *:*
1130 interval 10
1131 mode tcp
1132 time-until-up 0
1133 timeout 31
1134 }
1135 ltm monitor sasp sasp {
1136 interval auto
1137 mode pull
1138 protocol tcp
1139 service 3860
1140 time-until-up 0
1141 }
1142 ltm monitor scripted scripted {
1143 debug no
1144 destination *:*
1145 interval 10
1146 time-until-up 0
1147 timeout 31
1148 }
1149 ltm monitor sip sip {
1150 cipherlist DEFAULT:+SHA:+3DES:+kEDH
1151 compatibility enabled
1152 debug no
1153 destination *:*
1154 interval 5
1155 mode udp
1156 time-until-up 0
1157 timeout 16
1158 }
1159 ltm monitor smb smb {
1160 debug no
1161 destination *:*
1162 interval 10
1163 time-until-up 0
1164 timeout 31
1165 }
1166 ltm monitor smtp smtp {
1167 debug no
1168 destination *:*
1169 interval 5
1170 time-until-up 0
1171 timeout 16
1172 }
1173 ltm monitor snmp-dca snmp_dca {
1174 agent-type UCD
1175 community public
1176 cpu-coefficient 1.5
1177 cpu-threshold 80
1178 disk-coefficient 2.0
1179 disk-threshold 90
1180 interval 10
1181 memory-coefficient 1.0
1182 memory-threshold 70
1183 time-until-up 0
1184 timeout 30
1185 version v1
1186 }
1187 ltm monitor snmp-dca-base snmp_dca_base {
1188 community public
1189 interval 10
1190 time-until-up 0
1191 timeout 30
1192 version v1
1193 }
1194 ltm monitor soap soap {
1195 debug no
1196 destination *:*
1197 expect-fault no
1198 interval 5
1199 protocol http
1200 time-until-up 0
1201 timeout 16
1202 }
1203 ltm monitor tcp tcp {
1204 destination *:*
1205 interval 5
1206 ip-dscp 0
1207 time-until-up 0
1208 timeout 16
1209 }
1210 ltm monitor tcp-echo tcp_echo {
1211 interval 5
1212 time-until-up 0
1213 timeout 16
1214 }
1215 ltm monitor tcp-half-open TCP-HALF-10secs {
1216 defaults-from tcp_half_open
1217 description "Modified TCP Half-Open"
1218 destination *:*
1219 interval 10
1220 time-until-up 0
1221 timeout 21
1222 }
1223 ltm monitor tcp-half-open tcp_half_open {
1224 destination *:*
1225 interval 5
1226 time-until-up 0
1227 timeout 16
1228 }
1229 ltm monitor udp udp {
1230 debug no
1231 destination *:*
1232 interval 5
1233 send "default send string"
1234 time-until-up 0
1235 timeout 16
1236 }
1237 ltm monitor virtual-location virtual_location {
1238 debug no
1239 interval 5
1240 time-until-up 0
1241 timeout 16
1242 }
1243 ltm monitor wap wap {
1244 debug no
1245 destination *:*
1246 interval 10
1247 time-until-up 0
1248 timeout 31
1249 }
1250 ltm monitor wmi wmi {
1251 agent "Mozilla/4.0 (compatible: MSIE 5.0; Windows NT)"
1252 command "GetCPUInfo, GetDiskInfo, GetOSInfo"
1253 destination *:http
1254 interval 5
1255 method POST
1256 metrics "LoadPercentage, DiskUsage, PhysicalMemoryUsage:1.5, VirtualMemoryUsage:2.0"
1257 post RespFormat=HTML
1258 time-until-up 0
1259 timeout 16
1260 url /scripts/F5Isapi.dll
1261 }
1357 }
1358 ltm persistence cookie cookie {
1359 app-service none
1360 cookie-name none
1361 expiration 0
1362 hash-length 0
1363 hash-offset 0
1364 method insert
1365 mirror disabled
1366 }
1367 ltm persistence dest-addr dest_addr {
1368 app-service none
1369 mask none
1370 mirror disabled
1371 timeout 180
1372 }
1373 ltm persistence global-settings { }
1374 ltm persistence hash hash {
1375 app-service none
1376 mirror disabled
1377 rule none
1378 timeout 180
1379 }
1380 ltm persistence msrdp msrdp {
1381 app-service none
1382 has-session-dir yes
1383 mirror disabled
1384 timeout 300
1385 }
1386 ltm persistence sip sip_info {
1387 app-service none
1388 mirror disabled
1389 timeout 180
1390 }
1391 ltm persistence source-addr source_addr {
1392 app-service none
1393 map-proxies enabled
1394 mask none
1395 mirror disabled
1396 timeout 180
1397 }
1398 ltm persistence ssl ssl {
1399 app-service none
1400 mirror disabled
1401 timeout 300
1402 }
1403 ltm persistence universal universal {
1404 app-service none
1405 mirror disabled
1406 rule none
1407 timeout 180
1408 }
1409 ltm policy _sys_CEC_SSL_policy {
1410 controls { classification }
1411 requires { ssl-persistence }
1412 rules {
1413 akamai_cert_1 {
1414 actions {
1415 1 {
1416 pem
1417 ssl-server-handshake
1418 classify
1419 application /Common/akamai
1420 ssl-session-id
1421 }
1422 }
1423 conditions {
1424 1 {
1425 ssl-cert
1426 ssl-server-handshake
1427 common-name
1428 ends-with
1429 values { .edgecastcdn.net .akamai.net .edgekey.net }
1430 }
1431 }
1432 ordinal 10004
1433 }
1434 akamai_sni_1 {
1435 actions {
1436 1 {
1437 pem
1438 ssl-client-hello
1439 classify
1440 application /Common/akamai
1441 ssl-session-id
1442 }
1443 }
1444 conditions {
1445 1 {
1446 ssl-extension
1447 ssl-client-hello
1448 server-name
1449 ends-with
1450 values { .edgecastcdn.net .akamaihd.net .edgekey.net }
1451 }
1452 }
1453 ordinal 10005
1454 }
1455 amazon_adv_cert_1 {
1456 actions {
1457 1 {
1458 pem
1459 ssl-server-handshake
1460 classify
1461 application /Common/amazon_adv
1462 ssl-session-id
1463 }
1464 }
1465 conditions {
1466 1 {
1467 ssl-cert
1468 ssl-server-handshake
1469 common-name
1470 ends-with
1471 values { .amazon-adsystem.com }
1472 }
1473 }
1474 ordinal 196
1475 }
1476 amazon_adv_sni_1 {
1477 actions {
1478 1 {
1479 pem
1480 ssl-client-hello
1481 classify
1482 application /Common/amazon_adv
1483 ssl-session-id
1484 }
1485 }
1486 conditions {
1487 1 {
1488 ssl-extension
1489 ssl-client-hello
1490 server-name
1491 ends-with
1492 values { .amazon-adsystem.com }
1493 }
1494 }
1495 ordinal 197
1496 }
1497 amazon_aws_cert_1 {
1498 actions {
1499 1 {
1500 pem
1501 ssl-server-handshake
1502 classify
1503 application /Common/amazon_aws
1504 ssl-session-id
1505 }
1506 }
1507 conditions {
1508 1 {
1509 ssl-cert
1510 ssl-server-handshake
1511 common-name
1512 ends-with
1513 values { .cloudfront.net .amazon.com }
1514 }
1515 }
1516 ordinal 10002
1517 }
1518 amazon_aws_sni_1 {
1519 actions {
1520 1 {
1521 pem
1522 ssl-client-hello
1523 classify
1524 application /Common/amazon_aws
1525 ssl-session-id
1526 }
1527 }
1528 conditions {
1529 1 {
1530 ssl-extension
1531 ssl-client-hello
1532 server-name
1533 ends-with
1534 values { .cloudfront.net .amazon.com }
1535 }
1536 }
1537 ordinal 10003
1538 }
1539 amazon_cert_1 {
1540 actions {
1541 1 {
1542 pem
1543 ssl-server-handshake
1544 classify
1545 application /Common/amazon
1546 ssl-session-id
1547 }
1548 }
1549 conditions {
1550 1 {
1551 ssl-cert
1552 ssl-server-handshake
1553 common-name
1554 ends-with
1555 values { .amazon.com -amazon.com }
1556 }
1557 }
1558 ordinal 192
1559 }
1560 amazon_cert_2 {
1561 actions {
1562 1 {
1563 pem
1564 ssl-server-handshake
1565 classify
1566 application /Common/amazon
1567 ssl-session-id
1568 }
1569 }
1570 conditions {
1571 1 {
1572 ssl-cert
1573 ssl-server-handshake
1574 common-name
1575 contains
1576 values { .amazon. }
1577 }
1578 }
1579 ordinal 194
1580 }
1581 amazon_sni_1 {
1582 actions {
1583 1 {
1584 pem
1585 ssl-client-hello
1586 classify
1587 application /Common/amazon
1588 ssl-session-id
1589 }
1590 }
1591 conditions {
1592 1 {
1593 ssl-extension
1594 ssl-client-hello
1595 server-name
1596 ends-with
1597 values { .amazon.com -amazon.com }
1598 }
1599 }
1600 ordinal 193
1601 }
1602 amazon_sni_2 {
1603 actions {
1604 1 {
1605 pem
1606 ssl-client-hello
1607 classify
1608 application /Common/amazon
1609 ssl-session-id
1610 }
1611 }
1612 conditions {
1613 1 {
1614 ssl-extension
1615 ssl-client-hello
1616 server-name
1617 contains
1618 values { .amazon. }
1619 }
1620 }
1621 ordinal 195
1622 }
1623 americanexpress_cert_1 {
1624 actions {
1625 1 {
1626 pem
1627 ssl-server-handshake
1628 classify
1629 application /Common/americanexpress
1630 ssl-session-id
1631 }
1632 }
1633 conditions {
1634 1 {
1635 ssl-cert
1636 ssl-server-handshake
1637 common-name
1638 ends-with
1639 values { .americanexpress.com .aexp-static.com }
1640 }
1641 }
1642 ordinal 230
1643 }
1644 americanexpress_cert_sni_1 {
1645 actions {
1646 1 {
1647 pem
1648 ssl-server-handshake
1649 classify
1650 application /Common/americanexpress
1651 ssl-session-id
1652 }
1653 }
1654 conditions {
1655 1 {
1656 ssl-cert
1657 ssl-server-handshake
1658 common-name
1659 ends-with
1660 values { .2o7.net .demdex.net }
1661 }
1662 2 {
1663 ssl-extension
1664 ssl-client-hello
1665 server-name
1666 starts-with
1667 values { 2americanexpress. aexp.demdex.net }
1668 }
1669 }
1670 ordinal 232
1671 }
1672 americanexpress_sni_1 {
1673 actions {
1674 1 {
1675 pem
1676 ssl-client-hello
1677 classify
1678 application /Common/americanexpress
1679 ssl-session-id
1680 }
1681 }
1682 conditions {
1683 1 {
1684 ssl-extension
1685 ssl-client-hello
1686 server-name
1687 ends-with
1688 values { .americanexpress.com .aexp-static.com }
1689 }
1690 }
1691 ordinal 231
1692 }
1693 apple_cert_1 {
1694 actions {
1695 1 {
1696 pem
1697 ssl-server-handshake
1698 classify
1699 application /Common/apple
1700 ssl-session-id
1701 }
1702 }
1703 conditions {
1704 1 {
1705 ssl-cert
1706 ssl-server-handshake
1707 common-name
1708 values { apple.com }
1709 }
1710 }
1711 ordinal 146
1712 }
1713 apple_cert_2 {
1714 actions {
1715 1 {
1716 pem
1717 ssl-server-handshake
1718 classify
1719 application /Common/apple
1720 ssl-session-id
1721 }
1722 }
1723 conditions {
1724 1 {
1725 ssl-cert
1726 ssl-server-handshake
1727 common-name
1728 ends-with
1729 values { .apple.com .cdn-apple.com }
1730 }
1731 }
1732 ordinal 148
1733 }
1734 apple_sni_1 {
1735 actions {
1736 1 {
1737 pem
1738 ssl-client-hello
1739 classify
1740 application /Common/apple
1741 ssl-session-id
1742 }
1743 }
1744 conditions {
1745 1 {
1746 ssl-extension
1747 ssl-client-hello
1748 server-name
1749 values { apple.com }
1750 }
1751 }
1752 ordinal 147
1753 }
1754 apple_sni_2 {
1755 actions {
1756 1 {
1757 pem
1758 ssl-client-hello
1759 classify
1760 application /Common/apple
1761 ssl-session-id
1762 }
1763 }
1764 conditions {
1765 1 {
1766 ssl-extension
1767 ssl-client-hello
1768 server-name
1769 ends-with
1770 values { .apple.com .cdn-apple.com }
1771 }
1772 }
1773 ordinal 149
1774 }
1775 badoo_cert_1 {
1776 actions {
1777 1 {
1778 pem
1779 ssl-server-handshake
1780 classify
1781 application /Common/badoo
1782 ssl-session-id
1783 }
1784 }
1785 conditions {
1786 1 {
1787 ssl-cert
1788 ssl-server-handshake
1789 common-name
1790 ends-with
1791 values { .badoo.com .badoocdn.com }
1792 }
1793 }
1794 ordinal 140
1795 }
1796 badoo_sni_1 {
1797 actions {
1798 1 {
1799 pem
1800 ssl-client-hello
1801 classify
1802 application /Common/badoo
1803 ssl-session-id
1804 }
1805 }
1806 conditions {
1807 1 {
1808 ssl-extension
1809 ssl-client-hello
1810 server-name
1811 ends-with
1812 values { badoo.com badoocdn.com }
1813 }
1814 }
1815 ordinal 141
1816 }
1817 baidu_cert_1 {
1818 actions {
1819 1 {
1820 pem
1821 ssl-server-handshake
1822 classify
1823 application /Common/baidu
1824 ssl-session-id
1825 }
1826 }
1827 conditions {
1828 1 {
1829 ssl-cert
1830 ssl-server-handshake
1831 common-name
1832 ends-with
1833 values { .baidu.com }
1834 }
1835 }
1836 ordinal 190
1837 }
1838 baidu_sni_1 {
1839 actions {
1840 1 {
1841 pem
1842 ssl-client-hello
1843 classify
1844 application /Common/baidu
1845 ssl-session-id
1846 }
1847 }
1848 conditions {
1849 1 {
1850 ssl-extension
1851 ssl-client-hello
1852 server-name
1853 ends-with
1854 values { .baidu.com }
1855 }
1856 }
1857 ordinal 191
1858 }
1859 bing_cert_1 {
1860 actions {
1861 1 {
1862 pem
1863 ssl-server-handshake
1864 classify
1865 application /Common/bing
1866 ssl-session-id
1867 }
1868 }
1869 conditions {
1870 1 {
1871 ssl-cert
1872 ssl-server-handshake
1873 common-name
1874 ends-with
1875 values { .bing.com .virtualearth.net }
1876 }
1877 }
1878 ordinal 100
1879 }
1880 bing_sni_1 {
1881 actions {
1882 1 {
1883 pem
1884 ssl-client-hello
1885 classify
1886 application /Common/bing
1887 ssl-session-id
1888 }
1889 }
1890 conditions {
1891 1 {
1892 ssl-extension
1893 ssl-client-hello
1894 server-name
1895 ends-with
1896 values { .bing.com .virtualearth.net }
1897 }
1898 }
1899 ordinal 101
1900 }
1901 blogger_cert_1 {
1902 actions {
1903 1 {
1904 pem
1905 ssl-server-handshake
1906 classify
1907 application /Common/blogger
1908 ssl-session-id
1909 }
1910 }
1911 conditions {
1912 1 {
1913 ssl-cert
1914 ssl-server-handshake
1915 common-name
1916 ends-with
1917 values { .blogger.com }
1918 }
1919 }
1920 ordinal 130
1921 }
1922 blogger_sni_1 {
1923 actions {
1924 1 {
1925 pem
1926 ssl-client-hello
1927 classify
1928 application /Common/blogger
1929 ssl-session-id
1930 }
1931 }
1932 conditions {
1933 1 {
1934 ssl-extension
1935 ssl-client-hello
1936 server-name
1937 ends-with
1938 values { .blogger.com }
1939 }
1940 }
1941 ordinal 131
1942 }
1943 break_cert_1 {
1944 actions {
1945 1 {
1946 pem
1947 ssl-server-handshake
1948 classify
1949 application /Common/break
1950 ssl-session-id
1951 }
1952 }
1953 conditions {
1954 1 {
1955 ssl-cert
1956 ssl-server-handshake
1957 common-name
1958 ends-with
1959 values { .break.com }
1960 }
1961 }
1962 ordinal 239
1963 }
1964 break_sni_1 {
1965 actions {
1966 1 {
1967 pem
1968 ssl-client-hello
1969 classify
1970 application /Common/break
1971 ssl-session-id
1972 }
1973 }
1974 conditions {
1975 1 {
1976 ssl-extension
1977 ssl-client-hello
1978 server-name
1979 ends-with
1980 values { .break.com }
1981 }
1982 }
1983 ordinal 240
1984 }
1985 cartoonnetwork_cert_1 {
1986 actions {
1987 1 {
1988 pem
1989 ssl-server-handshake
1990 classify
1991 application /Common/cartoonnetwork
1992 ssl-session-id
1993 }
1994 }
1995 conditions {
1996 1 {
1997 ssl-cert
1998 ssl-server-handshake
1999 common-name
2000 ends-with
2001 values { .cartoonnetwork.com }
2002 }
2003 }
2004 ordinal 243
2005 }
2006 cartoonnetwork_sni_1 {
2007 actions {
2008 1 {
2009 pem
2010 ssl-client-hello
2011 classify
2012 application /Common/cartoonnetwork
2013 ssl-session-id
2014 }
2015 }
2016 conditions {
2017 1 {
2018 ssl-extension
2019 ssl-client-hello
2020 server-name
2021 ends-with
2022 values { .cartoonnetwork.com }
2023 }
2024 }
2025 ordinal 244
2026 }
2027 classmates_cert_1 {
2028 actions {
2029 1 {
2030 pem
2031 ssl-server-handshake
2032 classify
2033 application /Common/classmates
2034 ssl-session-id
2035 }
2036 }
2037 conditions {
2038 1 {
2039 ssl-cert
2040 ssl-server-handshake
2041 common-name
2042 ends-with
2043 values { .classmates.com }
2044 }
2045 }
2046 ordinal 233
2047 }
2048 classmates_sni_1 {
2049 actions {
2050 1 {
2051 pem
2052 ssl-client-hello
2053 classify
2054 application /Common/classmates
2055 ssl-session-id
2056 }
2057 }
2058 conditions {
2059 1 {
2060 ssl-extension
2061 ssl-client-hello
2062 server-name
2063 ends-with
2064 values { .classmates.com }
2065 }
2066 }
2067 ordinal 234
2068 }
2069 common_adv_cert_1 {
2070 actions {
2071 1 {
2072 pem
2073 ssl-server-handshake
2074 classify
2075 application /Common/common_adv
2076 ssl-session-id
2077 }
2078 }
2079 conditions {
2080 1 {
2081 ssl-cert
2082 ssl-server-handshake
2083 common-name
2084 ends-with
2085 values { .admedia.com .adnxs.com .admitad.com .adobetag.com .advertising.com .bkrtx.com .bluekai.com .casalemedia.com .flashtalking.com .kissmetrics.com .lphbs.com .luxup.ru .mixpanel.com .newrelic.com .nexac.com .optimizely.com .quantserve.com .realmedia.com .sc.omtrdc.net .scorecardresearch.com .superfish.com .xiti.com }
2086 }
2087 }
2088 ordinal 10000
2089 }
2090 common_adv_sni_1 {
2091 actions {
2092 1 {
2093 pem
2094 ssl-client-hello
2095 classify
2096 application /Common/common_adv
2097 ssl-session-id
2098 }
2099 }
2100 conditions {
2101 1 {
2102 ssl-extension
2103 ssl-client-hello
2104 server-name
2105 ends-with
2106 values { .admedia.com .adnxs.com .admitad.com .adobetag.com .advertising.com .bkrtx.com .bluekai.com .casalemedia.com .flashtalking.com .kissmetrics.com .lphbs.com .luxup.ru .mixpanel.com .newrelic.com .nexac.com .optimizely.com .quantserve.com .realmedia.com .sc.omtrdc.net .scorecardresearch.com .superfish.com .xiti.com }
2107 }
2108 }
2109 ordinal 10001
2110 }
2111 doubleclick_cert_1 {
2112 actions {
2113 1 {
2114 pem
2115 ssl-server-handshake
2116 classify
2117 application /Common/doubleclick_ads
2118 ssl-session-id
2119 }
2120 }
2121 conditions {
2122 1 {
2123 ssl-cert
2124 ssl-server-handshake
2125 common-name
2126 ends-with
2127 values { .doubleclick.net }
2128 }
2129 }
2130 ordinal 27
2131 }
2132 doubleclick_sni_1 {
2133 actions {
2134 1 {
2135 pem
2136 ssl-client-hello
2137 classify
2138 application /Common/doubleclick_ads
2139 ssl-session-id
2140 }
2141 }
2142 conditions {
2143 1 {
2144 ssl-extension
2145 ssl-client-hello
2146 server-name
2147 ends-with
2148 values { .doubleclick.net .2mdn.net }
2149 }
2150 }
2151 ordinal 28
2152 }
2153 dropbox_cert_1 {
2154 actions {
2155 1 {
2156 pem
2157 ssl-server-handshake
2158 classify
2159 application /Common/dropbox
2160 ssl-session-id
2161 }
2162 }
2163 conditions {
2164 1 {
2165 ssl-cert
2166 ssl-server-handshake
2167 common-name
2168 ends-with
2169 values { .dropbox.com .dropboxusercontent.com }
2170 }
2171 }
2172 ordinal 135
2173 }
2174 dropbox_sni_1 {
2175 actions {
2176 1 {
2177 pem
2178 ssl-client-hello
2179 classify
2180 application /Common/dropbox
2181 ssl-session-id
2182 }
2183 }
2184 conditions {
2185 1 {
2186 ssl-extension
2187 ssl-client-hello
2188 server-name
2189 ends-with
2190 values { .dropbox.com .dropboxusercontent.com dt8kf6553cww8.cloudfront.net }
2191 }
2192 }
2193 ordinal 136
2194 }
2195 ebay_cert_1 {
2196 actions {
2197 1 {
2198 pem
2199 ssl-server-handshake
2200 classify
2201 application /Common/ebay
2202 ssl-session-id
2203 }
2204 }
2205 conditions {
2206 1 {
2207 ssl-cert
2208 ssl-server-handshake
2209 common-name
2210 ends-with
2211 values { .ebay.com .ebaystatic.com .ebayrtm.com }
2212 }
2213 }
2214 ordinal 182
2215 }
2216 ebay_cert_sni_1 {
2217 actions {
2218 1 {
2219 pem
2220 ssl-server-handshake
2221 classify
2222 application /Common/ebay
2223 ssl-session-id
2224 }
2225 }
2226 conditions {
2227 1 {
2228 ssl-extension
2229 ssl-client-hello
2230 server-name
2231 contains
2232 values { .ebay. }
2233 }
2234 }
2235 ordinal 184
2236 }
2237 ebay_sni_1 {
2238 actions {
2239 1 {
2240 pem
2241 ssl-client-hello
2242 classify
2243 application /Common/ebay
2244 ssl-session-id
2245 }
2246 }
2247 conditions {
2248 1 {
2249 ssl-extension
2250 ssl-client-hello
2251 server-name
2252 ends-with
2253 values { .ebay.com .ebaystatic.com .ebayrtm.com }
2254 }
2255 }
2256 ordinal 183
2257 }
2258 espn_cert_1 {
2259 actions {
2260 1 {
2261 pem
2262 ssl-server-handshake
2263 classify
2264 application /Common/espn
2265 ssl-session-id
2266 }
2267 }
2268 conditions {
2269 1 {
2270 ssl-cert
2271 ssl-server-handshake
2272 common-name
2273 ends-with
2274 values { .espn.go.com }
2275 }
2276 }
2277 ordinal 185
2278 }
2279 espn_sni_1 {
2280 actions {
2281 1 {
2282 pem
2283 ssl-client-hello
2284 classify
2285 application /Common/espn
2286 ssl-session-id
2287 }
2288 }
2289 conditions {
2290 1 {
2291 ssl-extension
2292 ssl-client-hello
2293 server-name
2294 ends-with
2295 values { .espn.go.com }
2296 }
2297 }
2298 ordinal 186
2299 }
2300 facebook_cert_1 {
2301 actions {
2302 1 {
2303 pem
2304 ssl-server-handshake
2305 classify
2306 application /Common/facebook
2307 ssl-session-id
2308 }
2309 }
2310 conditions {
2311 1 {
2312 ssl-cert
2313 ssl-server-handshake
2314 common-name
2315 ends-with
2316 values { .facebook.com .fbcdn.net }
2317 }
2318 }
2319 ordinal 70
2320 }
2321 facebook_sni_1 {
2322 actions {
2323 1 {
2324 pem
2325 ssl-client-hello
2326 classify
2327 application /Common/facebook
2328 ssl-session-id
2329 }
2330 }
2331 conditions {
2332 1 {
2333 ssl-extension
2334 ssl-client-hello
2335 server-name
2336 ends-with
2337 values { .facebook.com .fbcdn.net }
2338 }
2339 }
2340 ordinal 71
2341 }
2342 facebook_sni_2 {
2343 actions {
2344 1 {
2345 pem
2346 ssl-client-hello
2347 classify
2348 application /Common/facebook
2349 ssl-session-id
2350 }
2351 }
2352 conditions {
2353 1 {
2354 ssl-extension
2355 ssl-client-hello
2356 server-name
2357 starts-with
2358 values { fbexternal- fbstatic- fbcdn- }
2359 }
2360 2 {
2361 ssl-extension
2362 ssl-client-hello
2363 server-name
2364 ends-with
2365 values { .akamaihd.net }
2366 }
2367 }
2368 ordinal 72
2369 }
2370 flickr_cert_1 {
2371 actions {
2372 1 {
2373 pem
2374 ssl-server-handshake
2375 classify
2376 application /Common/flickr
2377 ssl-session-id
2378 }
2379 }
2380 conditions {
2381 1 {
2382 ssl-cert
2383 ssl-server-handshake
2384 common-name
2385 ends-with
2386 values { .staticflickr.com .flickr.com }
2387 }
2388 }
2389 ordinal 160
2390 }
2391 flickr_sni_1 {
2392 actions {
2393 1 {
2394 pem
2395 ssl-client-hello
2396 classify
2397 application /Common/flickr
2398 ssl-session-id
2399 }
2400 }
2401 conditions {
2402 1 {
2403 ssl-extension
2404 ssl-client-hello
2405 server-name
2406 ends-with
2407 values { .staticflickr.com .flickr.com }
2408 }
2409 }
2410 ordinal 161
2411 }
2412 friendster_cert_1 {
2413 actions {
2414 1 {
2415 pem
2416 ssl-server-handshake
2417 classify
2418 application /Common/friendster
2419 ssl-session-id
2420 }
2421 }
2422 conditions {
2423 1 {
2424 ssl-cert
2425 ssl-server-handshake
2426 common-name
2427 ends-with
2428 values { .friendster.com }
2429 }
2430 }
2431 ordinal 133
2432 }
2433 friendster_sni_1 {
2434 actions {
2435 1 {
2436 pem
2437 ssl-client-hello
2438 classify
2439 application /Common/friendster
2440 ssl-session-id
2441 }
2442 }
2443 conditions {
2444 1 {
2445 ssl-extension
2446 ssl-client-hello
2447 server-name
2448 ends-with
2449 values { .friendster.com d3lihw2jc2z1gc.cloudfront.net }
2450 }
2451 }
2452 ordinal 134
2453 }
2454 google_ads_cert_1 {
2455 actions {
2456 1 {
2457 pem
2458 ssl-server-handshake
2459 classify
2460 application /Common/google
2461 ssl-session-id
2462 }
2463 2 {
2464 pem
2465 ssl-server-handshake
2466 classify
2467 application /Common/google_ads
2468 ssl-session-id
2469 }
2470 }
2471 conditions {
2472 1 {
2473 ssl-cert
2474 ssl-server-handshake
2475 common-name
2476 ends-with
2477 values { .googleadservices.com .googlesyndication.com .googletagservices.com }
2478 }
2479 }
2480 ordinal 22
2481 }
2482 google_ads_sni_1 {
2483 actions {
2484 1 {
2485 pem
2486 ssl-client-hello
2487 classify
2488 application /Common/google
2489 ssl-session-id
2490 }
2491 2 {
2492 pem
2493 ssl-client-hello
2494 classify
2495 application /Common/google_ads
2496 ssl-session-id
2497 }
2498 }
2499 conditions {
2500 1 {
2501 ssl-extension
2502 ssl-client-hello
2503 server-name
2504 ends-with
2505 values { .googleadservices.com .googlesyndication.com }
2506 }
2507 }
2508 ordinal 23
2509 }
2510 google_analytics_cert_1 {
2511 actions {
2512 1 {
2513 pem
2514 ssl-server-handshake
2515 classify
2516 application /Common/google
2517 ssl-session-id
2518 }
2519 2 {
2520 pem
2521 ssl-server-handshake
2522 classify
2523 application /Common/google_analytics
2524 ssl-session-id
2525 }
2526 }
2527 conditions {
2528 1 {
2529 ssl-cert
2530 ssl-server-handshake
2531 common-name
2532 ends-with
2533 values { .google-analytics.com }
2534 }
2535 }
2536 ordinal 16
2537 }
2538 google_analytics_sni_1 {
2539 actions {
2540 1 {
2541 pem
2542 ssl-client-hello
2543 classify
2544 application /Common/google
2545 ssl-session-id
2546 }
2547 2 {
2548 pem
2549 ssl-client-hello
2550 classify
2551 application /Common/google_analytics
2552 ssl-session-id
2553 }
2554 }
2555 conditions {
2556 1 {
2557 ssl-extension
2558 ssl-client-hello
2559 server-name
2560 ends-with
2561 values { .google-analytics.com }
2562 }
2563 }
2564 ordinal 17
2565 }
2566 google_cache_cert_1 {
2567 actions {
2568 1 {
2569 pem
2570 ssl-server-handshake
2571 classify
2572 application /Common/google
2573 ssl-session-id
2574 }
2575 2 {
2576 pem
2577 ssl-server-handshake
2578 classify
2579 application /Common/google_cache
2580 ssl-session-id
2581 }
2582 }
2583 conditions {
2584 1 {
2585 ssl-cert
2586 ssl-server-handshake
2587 common-name
2588 ends-with
2589 values { .googleusercontent.com }
2590 }
2591 }
2592 ordinal 20
2593 }
2594 google_cache_sni_1 {
2595 actions {
2596 1 {
2597 pem
2598 ssl-client-hello
2599 classify
2600 application /Common/google
2601 ssl-session-id
2602 }
2603 2 {
2604 pem
2605 ssl-client-hello
2606 classify
2607 application /Common/google_cache
2608 ssl-session-id
2609 }
2610 }
More information about the Rancid-discuss
mailing list