For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tony_haynes_-_M's avatar
tony_haynes_-_M
Icon for Nimbostratus rankNimbostratus
Nov 06, 2015

GET iRule HTTP:rewrite to go through APM

Hello,

I have an iRule on a VIP. After the client is connected, I want to detect if they go to a certain URI. IF they do I'd like to redirect to a different location. The issue is, the client gets the "real" redirect and now an APM rewrite. So I need to somehow detect this.

if { [HTTP::uri] contains $static::resource_name_custom }{
set username [ACCESS::session data get "session.login.last.username"]
HTTP::redirect [https://vpn.mcg-ins.com/f5-w-687474703a2f2f766d6178706572666f726d&&/rdp/findpcs.php?user=](https://vpn.mcg-ins.com/f5-w-687474703a2f2f766d6178706572666f726d&&/rdp/findpcs.php?user=)$username
    }

2 Replies

  • tony_haynes_-_M's avatar
    tony_haynes_-_M
    Icon for Nimbostratus rankNimbostratus
    Nov 07, 2015
    I have no idea why this thing isn't formating correctly. HTTP::redirect [https://vpn.mcg-ins.com/f5-w-687474703a2f2f766d6178706572666f726d&&/rdp/findpcs.php?user=$username]
  • THi's avatar
    THi
    Icon for Nimbostratus rankNimbostratus
    Nov 13, 2015

    Was the issue that the client gets "real" "real" redirect and noT an APM rewrite. So a real resource name instead of the obfuscated path?

     

    Why do you have the square brackets around the redirect location? The irule parser will try to evaluate the location string inside and replace it with the value it thinks it has evaluated - in your case the obfuscation may be removed and the internal portal resource name may be shown. Haven't tested, so cannot be sure.

     

    From tcl.tk:

     

    You obtain the results of a command by placing the command in square brackets ([]). This is the functional equivalent of the back single quote (`) in sh programming, or using the return value of a function in C.

     

    As the Tcl interpreter reads in a line it replaces all the $variables with their values. If a portion of the string is grouped with square brackets, then the string within the square brackets is evaluated as a command by the interpreter, and the result of the command replaces the square bracketed string.

     

    You may be redirected to something like the internal resource I believe you need to keep the obfuscated path instead. Use double quotes ( " ... " ) instead.

     

    Also in my 11.5.1 & 11.6.0 APM portal access the obfuscated path part ends with "$$" instead of "&&". Don't know if it is a problem, too.

     

    Also in which event you have the iRule snippet?