Forum Discussion
How to add missing Content-Length header to an HTTP POST request?
Have tried to send an APM HTTP Auth POST request to external authentication server which requires Content-Length header. Seems to be that APM HTTP Auth does not calculate and add the Content-Length header when sending a custom POST.
The POST content is small json data but its size varies. HTTP Auth sends the POST to a layered VS which converts the request to https, so can use iRules there. Tried to use HTTP::collect and then calculate the size from collected HTTP::payload and do HTTP::release. However it gets stuck..
Would be nice to be able to do it at the Layered VS. Alternatively thinking of using an iRule agent event in the VPE to form the json POST data and calculate the size into session variables prior the HTTP Auth box in the VPE and using them in the HTTP Auth custom POST definition.
Any advice?
- JRahm
Admin
Can you post what you tried? Something like this perhaps? (to be applied on your layered vip) no need to call HTTP::release here, it's done implicitly. I'd make sure that posts hitting this vip are small, otherwise you'll want to exercise more care than I example here.
when HTTP_REQUEST { if { [HTTP::method] eq "POST" } { HTTP::collect set ispost 1 } } when HTTP_REQUEST_DATA { if { [info exists ispost] } { HTTP::header insert Content-Length [HTTP::payload length] } }
- THi
Nimbostratus
Thanks Jason
I did not spend much time on this on the layered VS, tested a bit, until gave up, so, unfortunately I did not document the testing much, but I try to recall what I found:
- The APM HTTP Auth object did not put any content length header into the custom POST request to the layered VS, unless it was not specifically added via the GUI
- with an iRule at the layered VS, I tried HTTP::collect in the when HTTP_REQUEST event with no or different content length parameter values (longer, smaller, actual), also tried adding HTTP::release..
- The when HTTP_REQUEST_DATA did not fire at all
So, for me, there was no option to read HTTP::payload and calculate the actual length with for example [string length HTTP::payload] command within the when HTTP_REQUEST_DATA event.. Setting of Content-Length header in that event did not succeed, either. Actually the connection hanged in most configs.. Tried the same in when HTTP_REQUEST event, calculate the length and set the header, similar results or even tcl scope problems..
After a few of hours of trying, I gave up and proceeded with my alternative option and succeeded.
The only way I got the Content-Length header set up and my target auth application accepting it, was explicitly adding the header in the HTTP Auth custom POST configuration page:
Two alternatives: either putting the explicit actual value there or using a session variable
So I ended up with an additional iRule event prior the HTTP Auth in the VPE flow:
- preparing and putting the payload into an APM session variable (with other session variables inside the payload) and
- calculating the length with [string length..] and putting that into another session variable
- then calling those variables in the HTTP Auth custom POST configuration page: payload in the custom body and length with add header Content-Length
The content length actually needed to be 4 bytes longer than the previously calculated value (the HTTP Auth custom POST config seems to add something to the body (perhaps 2xCRLF in the end?). There is a problem of debugging this, as I could not find a way to tcpdump traffic between the HTTP Auth and the layered VS (have raised a support case on this, but haven't got any answer...).
So my problem is sorted out but not the way I wanted it originally..
- Thriff
Nimbostratus
Hi,
I had the same issue with content-length missing (getting HTTP 411 from the SMS-service) but when I changed my layered VS redirect from a 301 to a 308 it didn't complain about it anymore.
You can see my layered VS configuration in this post: Http auth agent against SSL backend is not allowed | DevCentral
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com