Forum Discussion
Vijay_Kumar_963
Nimbostratus
NimbostratusHow to make irule for outgoing http request
Hi
We have an HTTP request which is going towards Internet from the WAP Gateway server.
Now we have the requirement to read the IP address present in the Cookie value of HTTP request and insert this IP into the SOURCE IP address of the HTTP request going out towrds Internet.
Is it feasible ? if yes how ?
4 Replies
What_Lies_Bene1Cirrostratus
Are there likely to be many values for the source IP? My thinking is that if there are not too many, you could create an SNAT for each one, then read the header and chose the appropriate SNAT based on it's value. This way the F5 will track the connection and all that good stuff.
- nitass
Employee
just doubt if ip is valid cookie value.
HTTP State Management Mechanism
http://tools.ietf.org/html/rfc6265section-3
this is my testing using http header instead of cookie.[root@ve10:Active] config b virtual bar list virtual bar { translate service disable pool gw destination any:80 mask 0.0.0.0 ip protocol 6 rules myrule profiles { http {} tcp {} } } [root@ve10:Active] config b pool gw list pool gw { members 172.28.19.254:any {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if { [scan [HTTP::header value "SNAT-IP-ADDRESS"] {%d.%d.%d.%d} a b c d] == 4 } { snat ${a}.${b}.${c}.${d} } } } on client curl -I http://8.8.8.8 -H "SNAT-IP-ADDRESS: 1.1.1.1" on bigip [root@ve10:Active] config tcpdump -nni 0.0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 16:38:23.155717 IP 200.200.200.101.49839 > 8.8.8.8.80: S 1788555863:1788555863(0) win 5840 16:38:23.155769 IP 8.8.8.8.80 > 200.200.200.101.49839: S 2802155735:2802155735(0) ack 1788555864 win 4380 16:38:23.156811 IP 200.200.200.101.49839 > 8.8.8.8.80: . ack 1 win 46 16:38:23.156852 IP 200.200.200.101.49839 > 8.8.8.8.80: P 1:177(176) ack 1 win 46 16:38:23.165656 IP 1.1.1.1.49839 > 8.8.8.8.80: S 2419732630:2419732630(0) win 4380 8.8.8.8.80: S 444058119:444058119(0) win 5840 16:39:40.602656 IP 8.8.8.8.80 > 200.200.200.101.49840: S 4032979623:4032979623(0) ack 444058120 win 4380 16:39:40.603846 IP 200.200.200.101.49840 > 8.8.8.8.80: . ack 1 win 46 16:39:40.603881 IP 200.200.200.101.49840 > 8.8.8.8.80: P 1:177(176) ack 1 win 46 16:39:40.604010 IP 2.2.2.2.49840 > 8.8.8.8.80: S 2964909812:2964909812(0) win 4380 - What_Lies_Bene1Nice work as ever nitass.
Vijay, can you confirm it the source IP is actually in a cookie or a header please? - nitassthanks Steve.
i checked rfc again and i think ip is valid cookie value.[root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { foreach acookie [HTTP::header values "Set-Cookie"] { if { [scan $acookie {SNAT-IP-ADDRESS=%d.%d.%d.%d} a b c d] == 4 } { snat ${a}.${b}.${c}.${d} break } } } } on client curl -I http://8.8.8.8 -H "Set-Cookie: test=1234" -H "Set-Cookie: SNAT-IP-ADDRESS=10.10.10.10; path=/" -H "Set-Cookie: foo=abcd" on bigip [root@ve10:Active] config tcpdump -nni 0.0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 19:59:09.615782 IP 200.200.200.101.49858 > 8.8.8.8.80: S 3734643271:3734643271(0) win 5840 19:59:09.615832 IP 8.8.8.8.80 > 200.200.200.101.49858: S 702811879:702811879(0) ack 3734643272 win 4380 19:59:09.616803 IP 200.200.200.101.49858 > 8.8.8.8.80: . ack 1 win 46 19:59:09.616826 IP 200.200.200.101.49858 > 8.8.8.8.80: P 1:245(244) ack 1 win 46 19:59:09.616992 IP 10.10.10.10.49858 > 8.8.8.8.80: S 16523661:16523661(0) win 4380
