Forum Discussion
AltostratusHelp for when_http_response
when HTTP_REQUEST timing on priority 100 {
Check the requested path with wildcard matching
switch -glob [HTTP::path] {
"/appmania*" {
log local0. "HOST [HTTP::host] PATH [HTTP::path]"
pool HTTP_appmania
}
"/floo*" {
log local0. "HOST [HTTP::host] PATH [HTTP::path]"
pool HTTP_floo
}
"/HARDWARE*" {
switch [string tolower [IP::client_addr]] {
"85.88.99.201" {
log local0. "1 [HTTP::uri] [IP::client_addr] "
pool HTTP_active
log local0. " [HTTP::uri] [IP::client_addr] "
}
"85.87.66.78" {
log local0. "1 [HTTP::uri] [IP::client_addr] "
pool HTTP_active
log local0. " [HTTP::uri] [IP::client_addr] "
}
"85.74.86.89" {
log local0. "1 [HTTP::uri] [IP::client_addr] "
pool HTTP_active
log local0. " [HTTP::uri] [IP::client_addr] "
}
"92.78.96.129" {
log local0. "1 [HTTP::uri] [IP::client_addr] "
pool HTTP_active
log local0. " [HTTP::uri] [IP::client_addr] "
}
"92.78.96.129" {
log local0. "1 [HTTP::uri] [IP::client_addr] "
pool HTTP_active
log local0. " [HTTP::uri] [IP::client_addr] "
}
default
{
pool HTTP_active
}
}
log local0. "HOST [HTTP::host] PATH [HTTP::path]"
log local0. " [HTTP::uri] [IP::client_addr] "
pool HTTP_active
}
I need your help about the above irule. we want to produce log the "/HARDWARE*" { responses on the f5. Could you help us ?
Thank you in advance.
regards,
7 Replies
- nitass
Employee
we want to produce log the "/HARDWARE*" { responses on the f5. what information would you like to log in response? - nitasswe want to produce log the "/HARDWARE*" { responses on the f5. what information would you like to log in response?
hoolioCirrostratus
A few comments:
You can remove the 'string tolower' command on the client IP address as IPv4 addresses don't have alpha characters.
You could add the IP addresses to a data group and then use the class command to look up the client IP against the data group. This should be simpler and more efficient than using the a switch statement to do a string comparison of the IP addresses.
Aaron
waterfall_10467Hello All,
Thank you for your quick reply.Actually. this irule is longer but I have cut a part of it relevant to us.And I have to run it right away .That's why I can consider the data group for later. Nitass , after client's request I need to collect all responses of servers. Because we want to observe if client connect to server successfully.However, since the irule will consist heavy load on the f5. I want to this only for a project to troubleshoot. when the project finished. I will send all the logs to syslog sever.and this topic really very urgent for us.
thank you for your helps- nitassis this codeshare applicable?
HTTP Payload Collection by Deb
https://devcentral.f5.com/wiki/iRules.HTTPPayloadCollection.ashx
e.g.[root@ve10:Active] config b virtual bar list virtual bar { snat automap destination 172.28.19.79:80 ip protocol 6 rules myrule profiles { http {} tcp {} } } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { set flag 0 set path [HTTP::path] switch -glob $path { "/HARDWARE*" { set flag 1 set collected 0 if { [HTTP::version] eq "1.1" } { if { [HTTP::header is_keepalive] } { HTTP::header replace "Connection" "Keep-Alive" } HTTP::version "1.0" } pool HTTP_active } default { do someting } } } when HTTP_RESPONSE { if {$flag == 0} { return } if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 0 } if { $content_length > 0 && $content_length < 1048577 } { set collect_length $content_length } else { set collect_length 1048576 } if { $collect_length > 0 } { HTTP::collect $collect_length } } when HTTP_RESPONSE_DATA { log local0. "client [IP::client_addr]:[TCP::client_port] | server [IP::remote_addr]:[TCP::remote_port] | path $path | payload [HTTP::payload]" HTTP::release set collected [expr {$collected + $collect_length}] set remaining [expr {$content_length - $collected}] if { $remaining > 0 } { if { $remaining < $collect_length } { set collect_length $remaining } HTTP::collect $collect_length } } } [root@ve10:Active] config tail -f /var/log/ltm Jul 20 21:02:20 local/tmm info tmm[5111]: Rule myrule : client 192.168.206.55:51246 | server 200.200.200.101:80 | path /HARDWARE/test.html | payload hello world - waterfall_10467Hello Nitass,
Actually as I mentioned before we want to see all responses relevant to the http reguests .If I edit the irule like yours, I guess I won't need the ip address ? right. as you know I need logs of the ip address. Because using virtual server is running for other traffic.I guess I have explained wrong this. sorry. normally if client ip addresses like above and if those have include the HARDWARE*" at this point we want to see all requests and all responses of the requests.
Thank you in advance.
regards, - nitassactually, i just want to show http response payload is collected. "hello world" string is the response. it is a content of test.html.
i did not use your irule as a base since i thought you are interested only how to collect response part.
anyway, i think the HTTP Payload Collection codeshare by Deb is what you are looking for.
