For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

silver78's avatar
silver78
Icon for Nimbostratus rankNimbostratus
Oct 16, 2019

add IP client for SMTP in v13.1: stream::replace not working

HI   I try to add the client IP source in the SMTP stream by using this code but it seems the Stream::replace does not work.   Could you help please ? output:   220 server1 Frontend  ehlo 250...
devops
iRules
LTM
boneyard's avatar
boneyard
Icon for MVP rankMVP
Oct 16, 2019

the documentation https://clouddocs.f5.com/api/irules/STREAM_MATCHED.html

 

seems to indicate you have to do a STREAM::expression in another event or get a match from stream profile, did you do that?

 

an irule trick i always do is log at the start of an event, there you can check if the STREAM_MATCHED event triggers. if it doesn't that is step one to fix.

 

when i tested yours on something similar i did indeed not trigger the event at all.

silver78's avatar
silver78
Icon for Nimbostratus rankNimbostratus
Oct 17, 2019

Thank you, it is weird because , only the log local of the client is accepted with real IP. When i enter HELO or EHLO, the stram::expression always is not matched

when CLIENT_ACCEPTED {
        set caddr [IP::client_addr]
        log local0. "Client addr: $caddr"
      STREAM::expression {@^EHLO.*\r\n@@ @^HELO.*\r\n@@}
      STREAM::enable
 
    }
     
 when STREAM_MATCHED {
        set mstring [STREAM::match]
        if { $mstring contains "10.1.2.3" } {
        log local0. "STREAM_MATCHED: string: $mstring replaced with $caddr"
        STREAM::replace "Client_IP\:$caddr"
        STREAM::enable
    }
    }