
Forum Discussion

kend
Apr 02, 2021

Convert HTTP iRule to TCP

We have a client/server application that uses a privately written client that connects to a server through the LTM. The client app is installed on the user's local workstation and then is used to connect to a virtual server on our LTM. The client sends the initial connection request as a malformed header which contains a session id that is then used for persistence. The current iRule we are using contains HTTP commands, so an HTTP profile is required on the virtual server. But, since this is not a true HTTP application, we have some issues when using the HTTP profile. So, I am trying to convert the existing iRule from using the HTTP commands and try to use the TCP payload to get the session id. I am an amateur iRule creator, so I was hoping to get some help and to even see if this is possible. The current iRule is listed below. I want to achieve the same result but using the TCP payload. That way the HTTP profile will not be needed.

 

Current iRule

when RULE_INIT {

        #Sets logging level (0 = no logging 1 = logging)
        set ::debug 0

        #Sets persistence timeout in seconds
        set ::timeout 900
}

when HTTP_REQUEST {

        #Checks if Content-Session header exists
        if { [HTTP::header exists "Content-Session"] } {

                #Grab Content-Session header value
                set sessionid [HTTP::header "Content-Session"]
                if { $::debug } { log local0. "Content-Session value for [IP::client_addr] is: $sessionid" }

                #Persist connection based on Content-Session value
                catch { persist uie $sessionid $::timeout }
        }
}

when HTTP_RESPONSE {

        #Checks for Content-Session header
        if { [HTTP::header exists "Content-Session"] } {

                #Grab Content-Session header value
                set sessionid [HTTP::header "Content-Session"]
                if { $::debug } { log local0. "Content-Session value for [IP::remote_addr] is: $sessionid" }

                #Setup Persistence record
                catch { persist add uie $sessionid $::timeout }
        }
}

2 Replies

  • Try using TCP::collect in CLIENT_DATA event. Log tcp payload and see if content-session payload can be used. Here is the link to start with some basic iRule syntax:

    https://clouddocs.f5.com/api/irules/TCP__payload.html

  • kend

    I tried creating an iRule using the TCP::collect and TCP::payload commands. I am trying to use the scan command to parse the data I need. This is the scan command I am using, but it is not working: "set scan_ct [scan [TCP::payload] {%[^\]\%s} 1 sessionid ]". Here is a capture of the payload I am trying to scan, and the highlighted data is what I need to parse. What would I change the scan variables, {%[^\]\%s}, to in order to get my data?

    POST /Epic HTTP/1.1 User-Agent: ThinClient Host: server Content-Length: 98 Content-Version: 1.0 Content-Session: 6000ec8-6f72-7yac-a334-cf657bcc2e52 Content-Type: application/smart-message
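
One way to pull the Content-Session value out of the TCP payload without an HTTP profile, as an added example that is not from either poster and covers only the client request side of the original rule. It assumes the session id consists of letters, digits and hyphens (as in the capture above) and is followed by at least one other character; the `static::` variable names and the 2048-byte collection cap are assumptions chosen for illustration.

```tcl
when RULE_INIT {
    # static:: variables replace the ::globals of the original rule
    # 0 = no logging, 1 = logging
    set static::debug 0
    # Persistence timeout in seconds (same value as the original rule)
    set static::timeout 900
    # Assumed cap: give up if no header is seen in this many bytes,
    # so a client cannot make the LTM buffer data indefinitely
    set static::max_collect 2048
}

when CLIENT_ACCEPTED {
    # Start buffering client bytes; CLIENT_DATA fires as data arrives
    TCP::collect
}

when CLIENT_DATA {
    # Capture the token after "Content-Session:" and require one trailing
    # character that is not a letter, digit or hyphen, so an id that is
    # cut off at the end of a TCP segment is not accepted half-read
    if { [regexp -nocase {Content-Session:\s*([0-9A-Za-z-]+)[^0-9A-Za-z-]} [TCP::payload] -> sessionid] } {
        if { $static::debug } {
            log local0. "Content-Session value for [IP::client_addr] is: $sessionid"
        }
        # Persist the connection on the session id, as the HTTP rule did
        catch { persist uie $sessionid $static::timeout }
        # Hand the buffered bytes on to the selected pool member
        TCP::release
    } elseif { [TCP::payload length] >= $static::max_collect } {
        # No session header inside the bounded window: stop buffering
        # and let normal load balancing take over
        TCP::release
    } else {
        # Header not complete yet; wait for the next segment
        TCP::collect
    }
}
```

Because the pattern only admits letters, digits and hyphens into the captured value, bytes from the binary message body can never end up in the persistence key or in the log line.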