Forum Discussion

Wes_98712's avatar
Wes_98712
Icon for Nimbostratus rankNimbostratus
Nov 08, 2011

Header Inserts

I am experiencing a somewhat odd situation. I created an HTTP profile and setup a name value pair in the Request Header Insert (SSL_ENV:On). When I debug in Fiddler to see if the header is inserted, I don't see anything which is really strange. So I went the iRule route and tried to test if the header was set and if it wasn't set it to On:

 

 

when HTTP_REQUEST {

 

set myhost [HTTP::host]

 

set myuri [HTTP::uri]

 

if { ![HTTP::header "SSL_ENV"] equals "On" } {

 

HTTP::header insert SSL_ENV On

 

log local0. "HEADER HTTPVS: [HTTP::header "SSL_ENV"]"

 

} else {

 

if { $myuri starts_with "/API" } {

 

log local0. "URL: $myuri going to non_ssl pool"

 

pool pool_one_80

 

} else {

 

HTTP::redirect "https://$myhost$myuri"

 

}

 

}

 

}

 

 

It throws a strange error on the ![HTTP::header

 

 

[undefined procedure: !HTTP::header] [!HTTP::header "SSL_ON"]

 

 

I thought inserting a header would be really straight forward and easy, but somehow I am missing something. Thoughts?

 

 

BTW: I created the same rule in SSL and HTTP to check if the header didn't exist and then create it. Still no dice.

 

  • Kurt, we switched from Barracuda. Here's an update.

    I ended up using the http profile header insert and noticed a few interesting things when we debugged the ASP server variables. When we dump the ASP server variables we actually see that somehow HTTP_ is prepended before the header so it looks like HTTP_SSL_ENV, the RAW dump actually shows the exact name. Which is interesting, however, what is really strange is that both the HTTP header dump and the RAW dump show the value of the header, but when we loop through the variables:

    for each x in Request.ServerVariables
      response.write(x & "*" & Request.ServerVariables(x) & "*
    ")
    next 

    the actual value doesn't display for SSL_ENV, it shows up as:

    HTTP: HTTP_SSL_ENV:On *

    RAW: HTTP_SSL_ENV:On *

    But when we loop through the headers the output of the SSL_ENV is:

    HTTP_SSL_ENV**

    Some how it's not getting the value of the header.

  • More on this, it seems as though the Request.ServerVariables isn't pulling the value of the SSL_ENV header. The RAW output shows it, but not the actual Request.ServerVariables(x). I don't believe this is an F5 issue, I did validate that I set the header insert correctly in the profile (SSL_ENV: On). Stumped!
  • Another update, after a lot of testing we discovered something odd about the way F5 is inserting the header value

    If we use an iRule (HTTP::header insert SSL_ENV On) or if we set the Request Header Insert in the http profile (SSL_ENV: On) either way F5 can see the header and reports that the value is set to On, but the server can't see the value:

    if Request.ServerVariables("HTTP_SSL_ENV")="On" then
    response.write("WES Pass: " & Request.ServerVariables("HTTP_SSL_ENV") & "
    ")
    else
       response.write("WES Fail: " & Request.ServerVariables("HTTP_SSL_ENV:") & "
    ")
    end if

    The output is always Wes Fail: (kind of ironic). But the ltm logs show the following if I capture the header value in the ltm log:

    when HTTP_REQUEST {
       if { [HTTP::header "HTTP_SSL_ENV"] equals "On" } {
          log local0. "HEADER HTTPS is: [HTTP::header "HTTP_SSL_ENV"]"
       }
    } 

    Results:

    Nov 9 15:29:36 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    Nov 9 15:30:06 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    Nov 9 15:30:46 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    Nov 9 15:30:46 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    Nov 9 15:31:38 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    Nov 9 15:31:38 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

    So now I'm kind of stuck wondering why ASP can't read the value in the header using the ServerRequest function, but yet in RAW output or ALL_HTTP it can. Do I need to do something different with the header insert on the F5?
  • And another interesting development. If the variable has an _ in it, for whatever reason ASP doesn't detect the value. The F5 inserts it in the header as best as I can tell, but the ASP Request.ServerVariable doesn't pick up the value. This is really odd. I don't know if this is a bug with the way F5 inserts headers or if it's an ASP issue.
  • i am not familiar with asp. anyway, would you mind trying this asp code?

     

     

    Viewing all Server Variables for a Site

     

    http://weblogs.asp.net/owscott/archive/2010/03/09/viewing-all-server-variables-for-a-site.aspx
  • If I set it as a String and dump the output it works, which tells me what, it appears to be an encoding issue and not F5. Curious as to why it worked before with a different appliance. But whatever. ;-)
  •  

    when HTTP_REQUEST {
       if { [HTTP::header "HTTP_SSL_ENV"] equals "On" } {
          log local0. "HEADER HTTPS is: [HTTP::header "HTTP_SSL_ENV"]"
       }
    } 
    

     

     

    Maybe I'm a bit confused now, but why are you looking for the header "HTTP_SSL_ENV" in the iRule?

     

     

    The log statements tells me that the HTTP header "HTTP_SSL_ENV" was set, not "SSL_ENV" (see iRule above)!

     

     

    Nov 9 15:29:36 tmm info tmm[7845]: Rule /Common/test_irule : HEADER HTTPS is: On

     

     

    However, you should set the HTTP header to "SSL_ENV" in the iRule (or profile) on the F5, not "HTTP_SSL_ENV"!. ASP is just using a kind of translation machanism to view the HTTP headers as "variables". They do so by adding HTTP_ in front of the real HTTP header name.

     

     

    So, on the F5 please add the header "SSL_ENV" and in your ASP code look for the variable "HTTP_SSL_ENV". Is this what you tried and still did not see the header value in your ASP code?

     

     

    BTW: What do you mean by "If I set it as a String and dump the output it works"? Where do you set "it" as a string?

     

     

    Regards

     

    Kurt Knochner

     

  • Kurt,

     

     

    I tried that, no dice. If I set it to SSL_ENV it doesn't pick it up, in ASP code, but SSLENV does work. In fact I initially thought the issue was with the _ character because if I set the header to SSL it worked fine, SSL_ENV doesn't work but SSLENV does work. I understand the difference on the prepended HTTP_, but this is something beyond that.

     

     

    What I mean by string is, in ASPX if I set the server variable as a String variable not varchar or int etc. it displays the entire string HTTP_SSL_ENV, if I simply Dim the variable and reference it, it doesn't display the value. I am not sure if this is an F5 issue or an ASP encoding issue at this point.
  • Hi Wes,

     

     

    Take a look at these articles. I believe they may help you narrow down your issue. Especially the first article.

     

     

     

    The problem should be clear now. The CGI 1.1 Specification defines a substitution of "-" in Request Header to "_" in Server Varible names, but what is the substitution of "_" in Request Headers in Server Variable???

     

     

     

    HOWTO: Retrieve Request Headers using ISAPI, ASP, and ASP.Net

     

    The WWW Common Gateway Interface Version 1.1

     

     

    Hope these help.
  • HOWTO: Retrieve Request Headers using ISAPI, ASP, and ASP.Net

     

     

    Good hint Michael!

     

     

    Within the article they say:

     

     

    "Notice that HTTP_ syntax only retrieves the header name with dashes, while HEADER_ syntax retrieves both headers with dashes and underscores individually"

     

     

    "With ASP.Net, the Headers collection is the only way to get all the header values. HTTP_ prefix only retrieves the header name with dashes, as expected"

     

     

    Wes, based on that information you should either stick with your solution (SSLENV), or

     

     

    a.) add the header SSL-ENV on F5. Then you can retrieve the value with "HTTP_SSL-ENV" or "HEADER_SSL-ENV" in ASP code

     

    b.) add the header SSL_ENV on F5. Then you can retrieve the value with "HEADER_SSL_ENV" in ASP code

     

     

    more or less :-)

     

     

    Regards

     

    Kurt Knochner