For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Clint_Denham_16's avatar
Clint_Denham_16
Icon for Nimbostratus rankNimbostratus
Aug 07, 2009

How to log when invalid response received

Hiyo - long time lurker who needs some basic help.     Not trying to get free support - just need an iRule example.     We are encountering a problem with a new SAP application...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 07, 2009
You can log when LTM parses the response headers from the server in the HTTP_RESPONSE event. But I'm not sure that's going to help here as there isn't a way to log the response headers sent to the client to compare the two. To be honest though, I wouldn't expect this response to break the response sending. Maybe it's an issue with response redirect rewriting on the HTTP profile? I'd think a tcpdump on the two VLANs would be your best bet to see what's happening. You could also check the /var/log/ltm log file for any related errors.

There are a few logging iRules in the Codeshare:

http://devcentral.f5.com/Wiki/default.aspx/iRules.CodeShare

Here's one which specifically logs the clientside request and serverside response headers.

http://devcentral.f5.com/wiki/default.aspx/iRules/LogHttpHeaders.html

To run a tcpdump on both VLANs you can use:

tcpdump -i 0.0 -s 0 -w /var/tmp/sap.dmp host CLIENT_IP or host NODE_IP

Is the reference to main.htm in the root or in the same path as the request was made to (/whatever/main.htm)? You could rewrite the redirect Location header value using an iRule: 

 
  when HTTP_REQUEST {  
  
      This event is only necessary if you need to log the requested path  
     set path [HTTP::path]  
  }  
  when HTTP_RESPONSE {  
  
      Check if response is a redirect  
     if {[HTTP::is_redirect]}{  
  
         Check if Location header value doesn't start with http  
        if {not ([string match -nocase "http*" [HTTP::header Location]])}{  
  
            Check if Location header value doesn't start with /  
           if {not ([string match -nocase "/*" [HTTP::header Location]])}{  
  
               Rewrite Location header value by prepending a forward slash  
              HTTP::header replace Location "/[HTTP::header Location]"  
  
               Or you could save the HTTP::path value to $path in HTTP_REQUEST and then use this  
                 to prepend the requested path to the redirect Location  
              HTTP::header replace Location [string range $path 0 [string last "/" $path]]  
           }  
        }  
     }  
  }

Aaron