For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sashi_81625's avatar
Sashi_81625
Icon for Nimbostratus rankNimbostratus
Aug 25, 2010

cant read HTTP::payload

for the below iRule, the HTTP::payload is unreadable, can someone please point what might be going wrong?

 

 

LTM version: 10.0.1

 

 

when CLIENT_ACCEPTED {

 

set lookup 1

 

}

 

 

when HTTP_REQUEST {

 

if {$lookup == 1} {

 

set LB_request [HTTP::request]

 

HTTP::uri "/static/test.html"

 

}

 

}

 

 

when HTTP_RESPONSE {

 

if {$lookup == 1} {

 

if {[HTTP::header exists Content-Length] && ([HTTP::header Content-Length] < 2048)}{

 

set clength [HTTP::header Content-Length]

 

} else {

 

set clength 2048

 

}

 

HTTP::collect $clength

 

}

 

}

 

 

when HTTP_RESPONSE_DATA {

 

if {$lookup == 1} {

 

set lookup 0

 

set payload [HTTP::payload]

 

log local0. "Payload: $payload"

 

HTTP::release

 

HTTP::retry $LB_request

 

}

 

}

 

 

 

 

here is the output of ltm log

 

 

 

±ã²ÃHMLRÃ

 

ÃEÂ% %©¶J%©%úYÂeÂQ%;®ÂüäÃÃü½äüüìÃT[%'ÃÂÃllswitch : Payload: ÀÀÀÀÀÀ³Ã(ÃÃ

 

¢ÃÃ

 

äJ%.ÂR IúKRÂK@°-ÀÃuû*mÀÀÀ

 

 

 

 

application delivery
dev
devops
iRules

6 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Aug 25, 2010
    Is the payload encoded or encrypted somehow? What is it you're trying to accomplish?

     

     

    Colin

     

  • Sashi_81625's avatar
    Sashi_81625
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2010
    trying to implement

     

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/105/Conditioning-iRule-Logic-on-External-Information--01--HTTPretry.aspx

     

     

    the request is on http, so i dont think payload is encrypted anywhere

     

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Aug 25, 2010
    There is no reason that I can think of that the LTM would be spitting out payload info like that if it's not somehow being munged from the back-end. Have you taken a trace of the data on the wire? I'd get a tcpdump directly from the BIG-IP as the traffic is coming in. The iRule seems to think that's the payload data it's being passed, so something is definitely wonky.

     

     

    Colin
  • Sashi_81625's avatar
    Sashi_81625
    Icon for Nimbostratus rankNimbostratus
    Aug 26, 2010
    seems like a similar issue has been reported for tcp::payload too

     

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/15665/aff/5/showtab/groupforums/Default.aspx

     

     

    do you think i should open case with F5 for further analysis ? I am running out of ideas
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Aug 27, 2010
    I'd say opening a case is a good idea. It certainly isn't something you're doing with your iRule, that's pretty straight-forward. What does your Virtual config look like? Are you encrypting or compressing the traffic perhaps?

     

     

    Colin
  • Sashi_81625's avatar
    Sashi_81625
    Icon for Nimbostratus rankNimbostratus
    Aug 31, 2010
    Yes, the response that F5 gets is gzip-compressed... i updated the iRule with below lines, and that resolved the issue

     

     

    if { [HTTP::header exists "Accept-Encoding"] } {

     

    HTTP::header remove "Accept-Encoding"

     

    }