Forum Discussion

nramadan's avatar
nramadan
Icon for Nimbostratus rankNimbostratus
Feb 26, 2024

Dynamic Value iRule

Hi everyone, 

From past days, I have been struggling an iRule that forward dynamic string from 1st URL to 2nd URL. For example

1st URL = https://example.com/uat/data/value

2nd URL = http://192.168.1.1:8080/test/controller/ticket/ticket.jsp?data=value

Condition: content of "value" variable always updating, for example: today value = 3333 and tomorrow gonna changes to 4444

when HTTP_REQUEST {
if {[string tolower [HTTP::host]] equals "https://example.com"}{
if {[string tolower [HTTP::uri]] contains "/uat/data"}{
HTTP::respond 302 noserver Location "http://192.168.1.1:8080[string map -nocase {"/test/controller/ticket/ticket.jsp?data="} [HTTP::uri]]"
}
}
}

===================================================================

when HTTP_REQUEST {
set uri [HTTP::uri]
if { [HTTP::uri] contains "/uat/data" } {
log local0. "Original URI: $uri"
HTTP::uri [string range [HTTP::uri] 400 end]
log local0. "Search Query: [HTTP::uri]"
HTTP::uri /test/controller/ticket/ticket.jsp?data=[HTTP::uri]
log local0. "New URI: [HTTP::uri]"
HTTP::redirect "http://192.168.1.1:8080[HTTP::uri]"
}
elseif { $uri starts_with "/uat/data" } {
log local0. "Original URI: $uri"
HTTP::uri [string range [HTTP::uri] 400 end]
log local0. "Search Query: [HTTP::uri]"
HTTP::uri /test/controller/ticket/ticket.jsp?data=[HTTP::uri]
log local0. "New URI: [HTTP::uri]"
HTTP::redirect "http://192.168.1.1:8080[HTTP::uri]"
   }
}

I have used these 2 scripts, still got errors, any suggestions to fix this problem?

  • Try the iRule below.

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "example.com" && [string tolower [HTTP::uri]] starts_with "/uat/data/" } {
            set value [string map -nocase {"/uat/data/" "" } [HTTP::uri]]
            HTTP::respond 302 noserver Location "http://192.168.1.1:8080/test/controller/ticket/ticket.jsp?data=$value"
        }
    }

    See the output below.

    Have fun,

         --Niels

  • Thanks Niels for suggestions, but still can not redirect from 1st URL to 2nd URL.

    I have checked use curl command and log that appear when trying to access 1st URL.

    172.16.4.65 is IP of virtual server

    ====================================================================================
    [admin@waf-dummy:Active:Changes Pending] ~ # curl -v --resolve example.com:80:192.168.1.1 https://example.com/uat/data/value
    * Added example.com:80:192.168.1.1 to DNS cache
    *   Trying 172.16.4.65...
    * Connected to example.com (172.16.4.65) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *        subject: CN=*.example.co.id
    *        start date: Mar  9 09:24:19 2023 GMT
    *        expire date: Apr  9 09:24:18 2024 GMT
    *        subjectAltName: ws.jict.co.id matched
    *        issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
    *        SSL certificate verify ok.
    > GET /uat/data/value HTTP/1.1
    > Host: example.com
    > User-Agent: curl/7.47.1
    > Accept: */*
    >
    * SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
    * Closing connection 0
    curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

    [admin@waf-dummy:Active:Changes Pending] ~ # tail -f /var/log/ltm
    Feb 27 09:39:36 waf-dummy err tmm2[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1)     invoked from within "HTTP::host"
    Feb 27 09:39:36 waf-dummy err tmm3[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1)     invoked from within "HTTP::host"
    Feb 27 09:39:36 waf-dummy err tmm[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1)     invoked from within "HTTP::host"
    ====================================================================================

    is there something that I should check again?