Forum Discussion
AltostratusHow use BIG-IP to capture HTTP request and response
Hi gurus,
I want to use BIG-IP Virtual Server (with HTTP profile) and capture full HTTP request and response. Can I do that? We can not debug on the Client and the real Server. Thanks
Phong
9 Replies
Amine_KadimiMVP
- Jad_Tabbara__J1
Cirrostratus
Hello,
In fact you can use tcpdump but there is 2 problem with tcpdump :
1) If it is HTTPS, you will be forced to decrypted the traffic otherwise you will not view the request and response in clear text. 2) The second problem is that you must launched manually each time you want to capture traffic
My suggestion is to use irule to log all request and response header. This requires to have a VS with HTTP profile (Layer 7 VS "Standard").
You have to add an irule that will look like this one
Code when HTTP_REQUEST { set request "Client IP : [IP::client_addr] Host: [HTTP::host] [HTTP::method] [HTTP::uri]" } when HTTP_RESPONSE { set response "Status: [HTTP::status] Content-Type: [HTTP::header "Content-Type"] Content-Length: [HTTP::header "Content-Length"] " log local0. "Request --> $request Response --> $response" }I think that you can find many example of more complete "debug-irule" or you can adapt it to your need
Hope that this helps
Phong_Tang_7213Hi all,
 
I can use HTTP::collect & HTTP::payload to get full content https://clouddocs.f5.com/api/irules/HTTP__collect.html
 
But when I write to log by "log local0. "$payload". It's not enough content
 
May I write the $payload to a file on big-ip?
 
Thanks
 
Phong
 
kunjanNimbostratus
To capture request POST you can try this.
when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { catch { HTTP::collect [HTTP::header Content-Length] } } } when HTTP_REQUEST_DATA { log local0. "[HTTP::payload]" }But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
- Phong_Tang_7213
Thank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
kunjan_118660Cumulonimbus
To capture request POST you can try this.
when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { catch { HTTP::collect [HTTP::header Content-Length] } } } when HTTP_REQUEST_DATA { log local0. "[HTTP::payload]" }But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
- Phong_Tang_7213
Thank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
- oscarnet_69487
HI you can use irule example
code when HTTP_REQUEST { set REQUEST_RECEIVE [clock clicks -milliseconds] set uri [HTTP::uri] set clientip [IP::client_addr] set clientport [TCP::client_port] } when HTTP_RESPONSE { set RESPONSE_RECEIVE [expr {[clock clicks -milliseconds] - $REQUEST_RECEIVE}] log local0. "Server response took longer than ms: $RESPONSE_RECEIVE . TCP connection from [IP::client_addr]:[TCP::client_port] to [LB::server addr]:[LB::server port].Requested URI is ${uri}" } - kunjan
How about this:
when HTTP_REQUEST { if {[HTTP::method] eq "POST"}{ if {[HTTP::header "Content-Length"] ne "" { HTTP::collect [HTTP::header Content-Length] } else { HTTP::collect 20000 } } } when HTTP_REQUEST_DATA { log local0. "payload is [HTTP::payload]" }
