Forum Discussion
Nishal_Rai
Cirrocumulus
CirrocumulusCan iRule mask the payload content on event logs of security
Hello Everyone,
Is it possible to mask the certain value of the request on the Application Security > Event Logs using iRule,
Since the application "Content-Type: application/octet-strea...
Try this article:
Irule Check payload contains | DevCentral
https://f5-agility-labs-irules.readthedocs.io/en/latest/class2/module1/lab4.html
https://clouddocs.f5.com/api/irules/HTTP__payload.html
Use
HTTP::payload replace <offset> <length> <string>
HTTP::payload replace¶
- Replaces the amount of content that you specified with the argument, starting at with , adjusting the Content-Length header appropriately.
- To clarify, the length argument should be the length of original content to replace. In order to replace the entire payload, the offset should be 0 and the length should be the original size in bytes of the payload.
- Note that the argument will be interpreted as a byte array. If it is actually a UTF-8 string with multibyte characters, the output will not be what you expect. In order to prepare a UTF-8 string for use as input to HTTP::payload replace, you should first run ‘binary scan c* throwawayvariable’.
- Note: This function is callable, but will not work as expected in the HTTP_REQUEST_SEND event
Examples¶
when HTTP_RESPONSE { if {[HTTP::status] == 205}{ HTTP::collect [HTTP::header Content-Length] set clen [HTTP::header Content-Length] } } when HTTP_RESPONSE_DATA { HTTP::respond 200 content [HTTP::payload] } when HTTP_RESPONSE_DATA { regsub -all "oursite" [HTTP::payload] "oursitedev" newdata log "Replacing payload with new data." HTTP::payload replace 0 $clen $newdata HTTP::release }