Forum Discussion

F5-User_203510

Nimbostratus

Nov 06, 2015

Capture Client Data

Hello, 1) Can anybody please explain if we can capture the data that is being sent by the HTTP/HTTPs CLIENT to BIG-IP. 2) If yes then how to capture it and view it with source IP informati...

Nimbostratus

Nov 08, 2015

Dear Ismail, The X-Forwarded-For feature is not supported on webservers. So We must use iRULES.

Dear Brad, We have a virtual server configured with IP and port --> 10.50.171.8 : 443 (HTTPS)

The traffic that comes to this Virtual Server IP is from clients (banks and ATM Machines) which is further load balanced over servers.

when HTTP_REQUEST { 
switch -glob [HTTP::uri] { 
    "/abc" { 
       pool ABC 
       HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] 
       }
    "/XYZ" { 
       pool XYZ 
       HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] 
       }

......The irule list goes on....

PROBLEM: when F5 receives the request from client (Bank/ATM) on

https://10.50.171.8/XYZ

It load balances the request to pool "XYZ" as specified in iRULE.

Unfortunately, the Servers/Nodes are receiving INVALID DATA from some source which cannot be identified on servers. We can see the invalid data on server but not the source IP of it.

REQUIREMENT: We want to know which Source IP is sending INVALID Data and for that we would like to store complete request and response data and everything that can help us identify the source IP that is sending the invalid data.

Could you please send me the iRULE script that we can attach to our Virtual Server and store logs on F5.

Thanks.

Brad_Parker
Cirrus
Nov 09, 2015
You aren't going to want to store logs on the F5, it will be overwhelmed very quickly. You say your servers can't log the X-Forwarded-For header, is that right? Do you have a high speed syslog of some sort you can send logs to? That is pretty much your only option if you server can't log a header.