Forum Discussion

F5-User_203510
Nov 06, 2015

Capture Client Data

Hello,

1) Can anybody please explain if we can capture the data that is being sent by the HTTP/HTTPS client to BIG-IP?

2) If yes, then how to capture it and view it with source IP information?

Thanks.


  • What are you trying to capture exactly and to where are you capturing it? It is absolutely possible to see the entire payload of every request, but the question is more what are you trying to do?

     

  • Dear Ismail, the X-Forwarded-For feature is not supported on webservers, so we must use iRules.

    Dear Brad, We have a virtual server configured with IP and port --> 10.50.171.8 : 443 (HTTPS)

    The traffic that comes to this Virtual Server IP is from clients (banks and ATM Machines) which is further load balanced over servers.

    when HTTP_REQUEST { 
    switch -glob [HTTP::uri] { 
        "/abc" { 
           pool ABC 
           HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] 
           }
        "/XYZ" { 
           pool XYZ 
           HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] 
           } 
    

    ......The irule list goes on....

    PROBLEM: When F5 receives the request from client (Bank/ATM) on

    https://10.50.171.8/XYZ

    It load balances the request to pool "XYZ" as specified in iRULE.

    Unfortunately, the Servers/Nodes are receiving INVALID DATA from some source which cannot be identified on servers. We can see the invalid data on server but not the source IP of it.

    REQUIREMENT: We want to know which Source IP is sending INVALID Data and for that we would like to store complete request and response data and everything that can help us identify the source IP that is sending the invalid data.

    Could you please send me the iRule script that we can attach to our Virtual Server and store logs on F5?

    Thanks.

    • Brad_Parker
      You aren't going to want to store logs on the F5; it will be overwhelmed very quickly. You say your servers can't log the X-Forwarded-For header, is that right? Do you have a high speed syslog of some sort you can send logs to? That is pretty much your only option if your server can't log a header.
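
The high-speed syslog approach suggested above, sketched as an iRule. This is an added example, not code posted by anyone in the thread; the pool name hsl_syslog_pool, the 4096-byte body cap and the key=value message layout are assumptions, and the virtual server is assumed to have a client SSL profile so the HTTP events see decrypted traffic.

```tcl
# Added example (not from the thread). hsl_syslog_pool is a hypothetical
# pool whose members are the remote syslog servers.
when CLIENT_ACCEPTED {
    # One HSL handle per client connection, sent off-box over UDP
    set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
    set client "[IP::client_addr]:[TCP::client_port]"
}

# Priority 100 runs before default-priority (500) iRules, so the URI is
# logged as the client sent it, before any pool-selection rewrite.
when HTTP_REQUEST priority 100 {
    set req "[HTTP::method] [HTTP::host][HTTP::uri]"
    set clen [HTTP::header value "Content-Length"]
    if { [string is integer -strict $clen] && $clen > 0 } {
        # Collect a bounded part of the body; the request is logged in
        # HTTP_REQUEST_DATA once those bytes have arrived.
        if { $clen > 4096 } { set clen 4096 }
        HTTP::collect $clen
    } else {
        # No body, or chunked upload without Content-Length: log metadata only
        HSL::send $hsl "<190> client=$client request=\"$req\" body_hex=-\n"
    }
}

when HTTP_REQUEST_DATA {
    # Hex-encode the payload so binary or control bytes cannot break
    # or forge syslog lines.
    binary scan [HTTP::payload] H* body_hex
    HSL::send $hsl "<190> client=$client request=\"$req\" body_hex=$body_hex\n"
    HTTP::release
}

when HTTP_RESPONSE {
    # Tie the response back to the same client and to the chosen pool member
    HSL::send $hsl "<190> client=$client request=\"$req\" server=[IP::server_addr]:[TCP::server_port] status=[HTTP::status]\n"
}
```

On the syslog side, searching for the hex of the invalid data seen on the servers gives the matching client= address. Because the logged body may contain sensitive transaction data, restrict access to the log destination and remove the iRule once the source is identified.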