How to add missing Content-Length header to an HTTP POST request?

Nimbostratus

Mar 06, 2015

Thanks Jason

I did not spend much time on this on the layered VS, tested a bit, until gave up, so, unfortunately I did not document the testing much, but I try to recall what I found:

The APM HTTP Auth object did not put any content length header into the custom POST request to the layered VS, unless it was not specifically added via the GUI
with an iRule at the layered VS, I tried HTTP::collect in the when HTTP_REQUEST event with no or different content length parameter values (longer, smaller, actual), also tried adding HTTP::release..
The when HTTP_REQUEST_DATA did not fire at all

So, for me, there was no option to read HTTP::payload and calculate the actual length with for example [string length HTTP::payload] command within the when HTTP_REQUEST_DATA event.. Setting of Content-Length header in that event did not succeed, either. Actually the connection hanged in most configs.. Tried the same in when HTTP_REQUEST event, calculate the length and set the header, similar results or even tcl scope problems..

After a few of hours of trying, I gave up and proceeded with my alternative option and succeeded.

The only way I got the Content-Length header set up and my target auth application accepting it, was explicitly adding the header in the HTTP Auth custom POST configuration page:

Two alternatives: either putting the explicit actual value there or using a session variable

So I ended up with an additional iRule event prior the HTTP Auth in the VPE flow:

preparing and putting the payload into an APM session variable (with other session variables inside the payload) and
calculating the length with [string length..] and putting that into another session variable
then calling those variables in the HTTP Auth custom POST configuration page: payload in the custom body and length with add header Content-Length

The content length actually needed to be 4 bytes longer than the previously calculated value (the HTTP Auth custom POST config seems to add something to the body (perhaps 2xCRLF in the end?). There is a problem of debugging this, as I could not find a way to tcpdump traffic between the HTTP Auth and the layered VS (have raised a support case on this, but haven't got any answer...).

So my problem is sorted out but not the way I wanted it originally..

Forum Discussion

How to add missing Content-Length header to an HTTP POST request?

Recent Discussions

Can i apply ddos profile on virtual server using port range

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

ASM Export JSON - size Limit ?

SNI Sites not taking correct certificate.

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Related Content

Invalid Content-Length header caused Big-IP to terminate connection?

Logging DNS Requests

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Node.js HTTP Message Body: Transfer-Encoding and Content-Length in LineRate lrs/virtualServer Module

GitLab Vulnerability, Secure by Design Pledge, & Near Miss Supply Chain Attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS