Forum Discussion

doddy's avatar
doddy
Icon for Nimbostratus rankNimbostratus
Jul 27, 2013

Detect HTTP Pipelining Request

Good day all...     I am currently looking for method to detect HTTP pipelining request. This pipelining is currently exploiting our vulnerability in which cannot detect subsequent request on...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 27, 2013
as Kevin suggested, when pipelining is disabled, bigip will terminate a connection after responding 1st request.

e.g. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   profiles {
      myhttp {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b profile myhttp list
profile http myhttp {
   pipelining disable
}

 client sends http pipelining

[root@centos17 ~] echo -en "HEAD /frist HTTP/1.1\r\nHost: \r\n\r\nHEAD /second HTTP/1.1\r\nHost: \r\n\r\n" | nc 172.28.19.252 80
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:46:47 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

 packet trace

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.17(47892) <-> 172.28.19.252(80)
1374921376.8812 (0.0011)  C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:

HEAD /second HTTP/1.1
Host:

---------------------------------------------------------------

1    1374921376.8813 (0.0000)  C>S  TCP FIN
New TCP connection 2: 200.200.200.10(47892) <-> 200.200.200.101(80)
1374921376.8842 (0.0029)  C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:

---------------------------------------------------------------

1374921376.8853 (0.0010)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:46:47 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

1374921376.8853 (0.0040)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:46:47 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

2    1374921376.8853 (0.0000)  C>S  TCP FIN
1    1374921376.8853 (0.0000)  S>C  TCP FIN
2    1374921376.8864 (0.0010)  S>C  TCP FIN