Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

ArlindT's avatar
ArlindT
Icon for Altocumulus rankAltocumulus
2 years ago
Solved

F5 Policy using replace with TCL

Hi,   i'm trying to to the following job: when someone try to browse to ictservice.it/some_text/etc i want the policy to add the string ICTDesktop int the path -> ictservice.it/ICTDesktop/some_te...
security
  • ArlindT's avatar
    ArlindT
    2 years ago

    solved as tcl[HTTP::uri "/ICTDesktop[HTTP::uri]"]

    ps: also tcl[HTTP::path "/ICTDesktop[HTTP::path]"] works

Paulius's avatar
Paulius
Icon for MVP rankMVP
2 years ago

ArlindT This might do what you want, this is also assuming I understood the situation.

when HTTP_REQUEST priority 500 {

    if {[HTTP::host] == "ictservice.it"} {
        if {[[string tolower [HTTP::uri]] == "/some_text/etc"} {
            HTTP::uri [string map {"/some_text/etc" "/ICTDesktop/some_text/etc"}[HTTP::uri]]
            pool POOL_your_pool
        }
    }

}
  • ArlindT's avatar
    ArlindT
    Icon for Altocumulus rankAltocumulus
    2 years ago

    Paulius 

    thanks for the support,

    the challenging thing is this: some_text/etc is a random part, i don't know it before.

    I want something like this:

    tcl:[string map {random_uri "/ICTdesktop"+random_uri} [HTTP::uri]]

    so it adds /ICTdesktop before the random_uri with a tcl implementation.

  • ArlindT's avatar
    ArlindT
    Icon for Altocumulus rankAltocumulus
    2 years ago

    i was thinking something like that

     

    tcl:[
    set old_path [HTTP::path]
    set new_path /ICTdesktop${old_path}
    string map [list "$old_path" "$new_path"] [HTTP::uri]
    ]

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      2 years ago

      ArlindT I don't believe this would work well with a string map because a string map works off of a static value being changed to another static value. What is the reason behind having to insert the "/ICTdesktop" into the path? This might be something that is better taken care of on the server side and letting the client see the path rather than attempting to hide it from the client.

      • ArlindT's avatar
        ArlindT
        Icon for Altocumulus rankAltocumulus
        2 years ago

        we had this request to balance:

        node1/ICTdesktop

        node2/ICTdesktop

        pool1( node1 + node2) -> policy ictservice.it/variable_path

        the requester want ictservice.it/variable_path

        to be processed as ictservice.it/ICTdesktop/variable_path

         

        you think this is better to be done Server side, or can be done also F5 side?