For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kleis_oenema_67's avatar
kleis_oenema_67
Icon for Nimbostratus rankNimbostratus
Jul 06, 2007

help implementing i-rules

I just need to compose an i-rule to impose secure loging. At present it works fine in a dx box from junper with a so called ptc rule. The ptc rule is rewriting a part of the contents. This has now to be done by a big-ip version 9.3x.

 

 

the first I rule applies to http to redirect to https this works fine.

 

 

rule for http

 

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "/Logon/ProcessLogon.asp?iscontained=Yes"} {

 

HTTP::redirect "https:://"[HTTP::host][HTTP::uri]"

 

} elseif { [HTTP::uri] contains "interop" } {

 

pool HFM-Prod-interop

 

} else

 

{pool HFM-Prod }

 

}

 

 

 

 

rule for https

 

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "../home/home.asp?iscontained=Yes" }{

 

HTTP::redirect "http://[HTTP::host][HTTP::uri]"

 

} elseif { [HTTP::uri] contains "interop" } {

 

pool HFM-Prod-interop

 

} else

 

{pool HFM-Prod }

 

}

 

 

so far so good. However the https rule should do more and replace content data

 

 

to this rule the following should be added. I give first the ptc rule as applied in the redline

 

 

PTC: content contains "" then replace content term ""

 

 

in the above lines the "\" are escapes for the redline to ignore the next character.

 

I suppose this should be used in the big ip as well for " and ( ) do have meaning in parsing.

 

 

 

in simple language the following should happen

 

if the content contains:

 

""

 

 

then replace the content with:

 

""

 

 

In the above I took away the escapes needed for the redline

 

 

Who can help me do solve this problem
application delivery
dev
devops
iRules

2 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jul 06, 2007
    I would apply a stream profile against your https virtual:

    
profile stream replace_content_1 {
   defaults from stream
   source ""
   target ""
}
  • kleis_oenema_67's avatar
    kleis_oenema_67
    Icon for Nimbostratus rankNimbostratus
    Jul 12, 2007
    I tried to implement the given rule but to no avail, I keep getting errors.

     

    Next I tried to implement the next rule but it generates the error in the I rule editor "line 9: [unknown event (STREAM_MATCHED)] [when STREAM_MATCHED {"

     

     

    the rule I tried is given below.

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] contains "../home/home.asp?iscontained=Yes"} {

     

    HTTP::redirect "https:://[HTTP::host][HTTP::uri]"

     

    } elseif { [HTTP::uri] contains "interop" } {

     

    pool hfm-prod-interop

     

    } else

     

    {pool hfm-prod }

     

    }

     

    when STREAM_MATCHED {

     

    if{ [STREAM::match] contains ""} {

     

    STREAM::replace ""

     

    }

     

    }

     

     

    who knows the answer