
Nate_65894
Mar 04, 2014

Exempt PDF documents from stream filter

Hi,

I have inherited an iRule that is used to re-brand several websites into one URL. The iRule selects a pool based on the URI and also performs transformation of the request so that it uses the legacy URL back to the server. The return data is then processed by a stream filter to modify any hyperlinks that are returned in the HTTP response.

The issue we are now having is that PDF and potentially other documents with the embedded text are being translated and the PDF document is being corrupted.

This is the last part of the iRule, from the http_response. I can supply the rest if required.

Thanks

Code
when HTTP_RESPONSE {
# If HTTP response is a redirect then rewrite the Location field - required so that re-directs do not forward back to the old domain
if { [HTTP::is_redirect] }{
    HTTP::header replace Location [string map {"bar.wil.com" "data.fred.com"} [HTTP::header Location]]
}

# Switch statement to select the appropriate stream filters using the filtertype variable that is defined earlier in the irule based on URI.
switch -glob $filtertype  {
    "wil" {
        # Can be utilised for debugging to confirm that the appropriate stream filter is being applied
        log local0. "Matched wil website applying stream filter"

        # Stream expression @replacethis@withthis@
        # Stream filters are very different for each URI because the HTML coding differs significantly between different pages
        STREAM::expression {@bar.wil.com/bar.html@data.fred.com/bar/@ @bar.wil.com@data.fred.com@ @app.cool.bear.com@data.fred.com/monitor@ @/foo/dirt/@/dirt/@ @"/foo/@"/wil/foo/@ @bar.wil.com@data.fred.com/wil@ @weather.bear.com:8080@data.fred.com:8080/weather@}
    }
    "wilandmonitor" {
        log local0. "Matched wil website applying stream filter"
        STREAM::expression {@bar.wil.com@data.fred.com@ @/foo/dirt/@/dirt/@ @"/foo/@"/wil/foo/@ @bar.wil.com@data.fred.com/wil@ @app.cool.bear.com@data.fred.com/monitor@ @apps.monitor.bear.com@data.fred.com/monitor@ @weather.bear.com:8080@data.fred.com:8080/weather@}
    }
    "monitor" {
        log local0. "Matched Monitor website applying stream filter"
        STREAM::expression {@weather.bear.com:8080@data.fred.com:8080/weather@ @weather.bear.com@data.fred.com/weather@ @href="./_@href="/monitor/_@ @src="./_@src="/monitor/_@ @img src="./userfiles@img src="/monitor/userfiles@ @

1 Reply

  • Typically what you'd do to prevent the STREAM filter from attacking non-text responses is to wrap it inside a Content-Type header evaluation. Something like this:

    if { [HTTP::header Content-Type] contains "text" } {    
        STREAM::expression {...}        
        STREAM::enable        
    }
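
A fuller form of the Content-Type gate suggested in the reply, written here as an added example (not code from either poster): the stream filter is disabled on every request and only re-enabled for text responses, so PDFs and other binary bodies pass through unmodified. The host names and `$filtertype` come from the question, with the stream expressions shortened; the fixed `set filtertype "wil"` placeholder and the removal of `Accept-Encoding` are assumptions made for this example.

```tcl
when HTTP_REQUEST {
    # Start every request with the stream filter off, so a response body is
    # only rewritten when HTTP_RESPONSE explicitly turns the filter back on.
    STREAM::disable

    # Assumption: the servers may compress responses. Removing Accept-Encoding
    # keeps text bodies uncompressed so the stream expressions can match them.
    HTTP::header remove "Accept-Encoding"

    # Placeholder: the question's iRule derives filtertype from the URI
    # (that logic is not shown on the page), so a fixed value is used here.
    set filtertype "wil"
}

when HTTP_RESPONSE {
    # The redirect rewrite edits a header, not the body, so it is safe to
    # apply regardless of content type.
    if { [HTTP::is_redirect] } {
        HTTP::header replace Location [string map {"bar.wil.com" "data.fred.com"} [HTTP::header Location]]
    }

    # Only bodies declared as text (text/html, text/css, ...) are rewritten.
    # application/pdf and other binary types never reach STREAM::enable.
    if { [string tolower [HTTP::header value "Content-Type"]] contains "text" } {
        switch -glob $filtertype {
            "wil" {
                # Shortened from the question's expression for readability.
                STREAM::expression {@bar.wil.com@data.fred.com@ @/foo/dirt/@/dirt/@}
            }
            "monitor" {
                STREAM::expression {@weather.bear.com@data.fred.com/weather@}
            }
            default {
                # Unknown filter type: leave the response untouched.
                return
            }
        }
        STREAM::enable
    }
}
```

The gate trusts the server's `Content-Type` header, so a PDF served with a text type would still be rewritten.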