Forum Discussion
Employeefind an dreplace XML Value with irule
I an having trouble with an iRule I am writing trying to parse the SSN Value out of the following POST
http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
http://ns.hr-xml.org/2004-08-02">
abdd33e8-f7ef-4808-b06b-6d06d2309fdb
http://ns.hr-xml.org/2004-08-02">
2512
2
http://ns.hr-xml.org/2004-08-02">
eb765bc0-a6ac-417f-85a8-d99e7a3850f8
7http://ns.h...tRequester>
http://ns.hr-xml.org/2004-08-02">
9f6187f7-5dc7-4ace-874a-a1892a42b586
Female
Native Hawaiian or other Pacific Islander
7/5/1960
555-55-5555
DDITest_2011818_737
DDITest_2011818_737
(631)-555-2295
(229)-555-4668
DDITest_2011818_737@ddi.test
US
63178
NH
Tucson
5949 Maple Blvd
Apt 59
http://ns.hr-xml.org/2004-08-02">
Example User Area Text
Any help would be appreciated.
My iRule so far looks like:
when HTTP_REQUEST {
if { [HTTP::host] contains "dev.integration.services.7-5.identifythebest.com" } {
HTTP::class disable
WAM::disable
STREAM::disable
if {[HTTP::header content-type] starts_with "text/xml"}{
log local0. "_xml_scrubber"
HTTP::collect [HTTP::header Content-Length]
set TaleoSSN [findstr [HTTP::payload] "" 0 <]
log local0. "SSN Value is $TaleoSSN"
}
}
}
7 Replies
Kevin_Davies_40Nacreous
HTTP::collect triggers the collection of payload data. This enables HTTP_REQUEST_DATA event. In this event you can use the HTTP::payload command to interrogate the payload. See the many example iRules under the payload command page.
http://devcentral.f5.com/wiki/iRules.http__payload.ashxIf you are using version 10.2.x then you may be interested in the new XML profile options and the associates iRule events that become available...
MANUAL: Configuring XML Content-Based Routing (requires login)
Kevin (Jarvil)- Maurice_G_
Thanks Kevin
I am now using the HTTP_REQUEST_DATA event but my TaleoSSn value is still null.
Any ideas?
when HTTP_REQUEST {
if { [HTTP::host] contains "dev.integration.services.7-5.identifythebest.com" } {
HTTP::class disable
WAM::disable
STREAM::disable
if {[HTTP::header content-type] starts_with "text/xml"}{
log local0. "_xml_scrubber"
HTTP::collect [HTTP::header Content-Length]
}
}
}
when HTTP_REQUEST_DATA {
set TaleoSSN [findstr [HTTP::payload] "" 0 "<"]
log local0. "SSN Value is $TaleoSSN"
STREAM::expression @{\d{3}-\d{2}-\d{4}}@@
regex for SSN STREAM::expression {\d{3}-\d{2}-\d{4}}
works STREAM::expression "@SSN@@"
STREAM::enable
}log local0. "scrubber"
when STREAM_MATCHED {log local0. "Stream Filter Matched: [STREAM::match]"} - Maurice_G_OK....my rule now works to capture the data I am looking for
when HTTP_REQUEST {
if { [HTTP::host] contains "dev.integration.services.7-5.identifythebest.com" } {
HTTP::class disable
WAM::disable
STREAM::disable
if {[HTTP::header content-type] starts_with "text/xml"}{
log local0. "_xml_scrubber2"
HTTP::collect [HTTP::header Content-Length]
}
}
}
when HTTP_REQUEST_DATA {
set TaleoSSN [findstr [HTTP::payload] "\"SSN\">" 0 "<"]
log local0. "SSN Value is $TaleoSSN onespace after SSN"
}
the resulting log is "SSN">555-55-5555
How can I replace this with "SSN">-- regardless of the format of the ssn?
- Kevin_Davies_40How can I replace this with "SSN">-- regardless of the format of the ssn?
when HTTP_REQUEST_DATA { set offset [string first {"SSN">} [HTTP::payload]] set length [expr {$offset - [string first {<} [HTTP::payload] $offset] }] log local0. "Offset $offset length $length" log local0. "Replacing [HTTP::payload $offset $length]" HTTP::payload replace $offset $length {"SSN">--} }
Mind you there is no error checking here so you would want to add some.
Kevin (Jarvil) - Maurice_G_OK....Thanks a bunch for the help. I understand how it obtains the string and replaces it.
I made a couple of tweaks to the script below:
when HTTP_REQUEST {
log local0. "Inside Request"if { [HTTP::host] contains "dev.integration.services.7-5.identifythebest.com" } {if {[HTTP::method] eq "POST" && [HTTP::header value Content-Type] contains "text/xml"}{log local0. "Inside IF"HTTP::collect [HTTP::header Content-Length]HTTP::header remove "Accept-Encoding"HTTP::collect}
}
}
when HTTP_REQUEST_DATA {
log local0. "Inside Request_data"
set offset [string first {"SSN">} [HTTP::payload]]
set length [expr {[string first {<} [HTTP::payload] $offset] - $offset}]
log local0. "Offset $offset length $length"
log local0. "Replacing [HTTP::payload $offset $length]"
log local0. [HTTP::payload]
HTTP::payload replace $offset $length {"SSN">--}
}
Now I get the following output:
Aug 20 07:17:49 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request
Aug 20 07:17:49 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request
Aug 20 07:17:49 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside IF
Aug 20 07:17:50 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request_data
Aug 20 07:17:50 local/tmm info tmm[5162]: Rule _xml_scrubber : Offset 1138 length 17
Aug 20 07:17:50 local/tmm info tmm[5162]: Rule _xml_scrubber : Replacing "SSN">555-55-5555
Aug 20 07:17:50 local/tmm info tmm[5162]: Rule _xml_scrubber : 91f0f42d-8529-4725-9429-9b2edcb92abaTa13oPint3rgrat10nabdd33e8-f7ef-4808-b06b-6d06d2309fdb25122cb16ddd9-3e71-4337-b593-cb9a8bb9c48e7de4511aa-e973-4ab6-a224-02a841
From looking at a packet capture the whole post is in one packet, but the output of the payload appears truncated. any advice?
- Maurice_G_Actually the last post had incomplete output...see below
Aug 20 09:55:51 local/tmm1 info tmm1[5163]: Rule _xml_scrubber : Inside Request
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside IF
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Heaer length is 2008
Aug 20 09:55:52 local/tmm1 info tmm1[5163]: 01260013:6: SSL Handshake failed for TCP from 10.200.1.3:443 to 125.34.48.98:23802
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request_data
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Payload is 91f0f42d-8529-4725-9429-9b2edcb92abaTa13oPint3rgrat10nabdd33e8-f7ef-4808-b06b-6d06d2309fdb25122592f60b2-5da5-4f4c-9dfb-7b6d8a3d90727d61be704-2945-400e
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Offset 1130 length 17
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Replacing "SSN">555-55-5555
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : 91f0f42d-8529-4725-9429-9b2edcb92abaTa13oPint3rgrat10nabdd33e8-f7ef-4808-b06b-6d06d2309fdb25122592f60b2-5da5-4f4c-9dfb-7b6d8a3d90727d61be704-2945-400e-927d-d11bed
Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : After replacing payload
Any ideas would be greatly appreciated...... - Maurice_G_So it looks like posting my output is also being truncated.....does anybody know the trick to posting XML output so that it is visible?
I will try again...Aug 20 09:55:51 local/tmm1 info tmm1[5163]: Rule _xml_scrubber : Inside Request Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside IF Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Heaer length is 2008 Aug 20 09:55:52 local/tmm1 info tmm1[5163]: 01260013:6: SSL Handshake failed for TCP from 10.200.1.3:443 to 125.34.48.98:23802 Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Inside Request_data Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Payload is 91f0f42d-8529-4725-9429-9b2edcb92abaTa13oPint3rgrat10nabdd33e8-f7ef-4808-b06b-6d06d2309fdb25122592f60b2-5da5-4f4c-9dfb-7b6d8a3d90727d61be704-2945-400e Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Offset 1130 length 17 Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : Replacing "SSN">555-55-5555 Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : 91f0f42d-8529-4725-9429-9b2edcb92abaTa13oPint3rgrat10nabdd33e8-f7ef-4808-b06b-6d06d2309fdb25122592f60b2-5da5-4f4c-9dfb-7b6d8a3d90727d61be704-2945-400e-927d-d11bed Aug 20 09:55:52 local/tmm info tmm[5162]: Rule _xml_scrubber : After replacing payload
