Forum Discussion

nrelihan_68143's avatar
nrelihan_68143
Icon for Nimbostratus rankNimbostratus
Jul 12, 2011

Blacklist iRule Chrome browser Problem

Hey all,     I have an issue when I do a scan on the http payload using chrome I can't find the following value "reqID=doLogin".   When running in ie or Firefox I have no such issue.   ...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Jul 13, 2011
Sorry I missed this the first time. You're looking for a POST request with a parameter of reqID equal to doLogin in HTTP_REQUEST. To guarantee that TMM is returning the full request payload using HTTP::payload, you need to collect it using HTTP::collect. I'm guessing Chrome isn't sending the reqID=doLogin string in the payload in the first packet(s) TMM buffers to parse the HTTP headers. So first, you could add logging in HTTP_REQUEST of [HTTP::payload] to confirm this. And then you could add logic like this to trigger payload collection: 

 From http://devcentral.f5.com/wiki/default.aspx/iRules/http__collect
when HTTP_REQUEST {
   log local0. "UA: [HTTP::header User-Agent]"
   log local0. "Current payload: ([HTTP::payload length] bytes) [HTTP::payload]"
    Trigger collection for up to 1MB of data
   if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576}{
      set content_length [HTTP::header "Content-Length"]
   } else {
      set content_length 1048576
   }
    Check if $content_length is not set to 0
   if { content_length > 0} {
      HTTP::collect $content_length
   }
}
when HTTP_REQUEST_DATA {
   log local0. "Current payload: ([HTTP::payload length] bytes) [HTTP::payload]"
    do stuff with the payload
   set payload [HTTP::payload]
}

Aaron