XC.deploy
v1 · HTTP_LB
POST /api/config/namespaces/{namespace}/http_loadbalancers
READY
F5 Distributed Cloud · Provisioning Console

Deploy an HTTP Load Balancer
without touching the console.

Configure your virtual host, origin pools, advertisement, and security posture. The right panel renders the exact API payload, a ready-to-run curl command, and a validation report against the OpenAPI spec.

01
Identity & Namespace
unnamed · default
DNS-1035: lowercase letters, digits, hyphens. Cannot start with a digit.
XC tenant namespace where this LB lives.
02
Domains
no domains
Exact (www.foo.com) or wildcard prefix (*.foo.com). Bare wildcards rejected.
03
Listener Protocol
HTTPS (auto-cert)
F5 XC will auto-issue Let's Encrypt certificates for HTTPS auto-cert.
Non-default is the safe choice — your LB shares the public VIP with other LBs and routes by SNI. Use "Default" only if no other LB in your tenant already owns this VIP, otherwise XC returns: x.x.x.x/TCP/443 is in use as default LB.
04
Default Origin Pools
0 pools
Pools must already exist in F5 XC. Reference them by name + namespace. Max 8 pools per LB.
05
Advertisement
Public default VIP
Public default VIP — F5 XC's anycast public IP. Simplest path to live.
06
Load Balancing Algorithm
round_robin
07
Security Posture
WAF off · Bot off
Application Firewall (WAF)
Apply a managed WAF policy from your namespace.
Bot Defense
Disabled by default. When off, payload sets disable_bot_defense: {}.
IP Reputation
Block traffic from known-malicious source IPs.
Malicious User Detection
Behavioral scoring of clients.
Rate Limit
Off → disable_rate_limit: {}. (Configure detailed policies in XC after deploy.)
F5 Distributed Cloud · Origin Pool

Define an upstream pool of origin servers.

An Origin Pool tells the LB where to send traffic — public IPs, private IPs at a CE site, public DNS names, or k8s services. Health checks remove unhealthy servers from rotation. The LB references this pool by name + namespace.

01
Identity
unnamed
02
Pool Configuration
round-robin
03
Origin Servers
0 servers
Common types: Public IP (cloud VM), Public DNS (managed FQDN), Private IP (CE-attached site), Private DNS (DNS resolved by CE), K8s Service (vK8s or attached K8s).
04
Health Check References
none
References must point at existing Health Check resources by name + namespace. Create them in the "Health Check" tab first.
F5 Distributed Cloud · Health Check

Define a health probe attached to an Origin Pool.

XC sends HTTP / TCP / UDP-ICMP probes to each origin server. Failed servers drop out of rotation until they recover. Tune interval, timeout, and the healthy/unhealthy thresholds for your traffic profile.

01
Identity
unnamed
02
Probe
HTTP
03
Timing & Thresholds
F5 Distributed Cloud · Application Firewall

Define a WAF policy for HTTP Load Balancers.

Choose enforcement mode (monitoring vs. blocking), bot defense behaviour, blocking page, anonymization, and allowed response codes. The LB references this policy via the app_firewall field.

01
Identity
unnamed
02
Enforcement & Detection
monitoring
03
Bot Protection
04
Blocking Page
05
Allowed Response Codes
allow all
F5 Distributed Cloud · Rate Limiter Policy

Rate-limit traffic with fine-grained rules.

Each rule combines an action (apply / bypass / custom limiter) with country, IP, method, and path matchers. Rules evaluate top-down, first match wins. Reference this policy from your HTTP_LB's rate-limit setting.

01
Identity
unnamed
02
Server Selection
03
Rules
0 rules
Empty matcher fields = "any". Combine matchers (e.g. countries=US + path=/api/v2) for narrow rules.
F5 Distributed Cloud · Service Policy

Allow / deny traffic with a service policy.

Pick one of: allow all, deny all, allow-list (IP prefixes), deny-list, or full rule list. Rule lists support per-rule action (ALLOW/DENY) with country, IP, method, and path matching.

01
Identity
unnamed
02
Rule Choice
allow list