Forum Discussion
goyogi
Nimbostratus
NimbostratusHSL for https redirects
Hello (DevCentral) world!
I'm running 11.5.1 and I'm trying to use HSL to log whenever the _sys_https_redirect irule does a redirect.
when HTTP_REQUEST {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
I pulled this HSL irule off of devcentral. I added logging to see where it was failing and from the logs I can see that the CLIENT_ACCEPTED and the HTTP_REQUEST portions of the irule are triggered but not the HTTP_RESPONSE. Any ideas why?
iRule Source for remote logging using HSL
From: W3C Extended Log File Examples (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ffdd7079-47be-4277-921f-7a3a6e610dcb.mspx?mfr=true
Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referrer)
when CLIENT_ACCEPTED {
Open a new high speed logging connection to the syslog pool named syslog_server_pool
set hsl [HSL::open -proto UDP -pool test.syslog.pool]
log local0. "client_accepted hit"
}
when HTTP_REQUEST priority 999 {
Save request variables that are not accessible in HTTP_RESPONSE, like the URI, request method, etc
set req_start [clock clicks -milliseconds]
set cs_username [HTTP::username]
set cs_uri_stem [HTTP::path]
set cs_uri_query [HTTP::query]
set cs_bytes [HTTP::header Content-Length]
set ua [HTTP::header User-Agent]
set cookies [HTTP::header values Cookie]
set referer [HTTP::header Referer]
log local0. "http_request hit"
}
when HTTP_RESPONSE {
Send the syslog message with a syslog facility of 134 (local0.info)
See the HSL wiki page for details on the facilties:
https://devcentral.f5.com/wiki/iRules.HSL__send.ashx
Replace null values with a hyphen:
Use string map to replace a "tab space tab" with "tab hyphen tab"
log local0. "http_response hit"
HSL::send $hsl "[string map [list "\t \t" "\t-\t"]\
"<134>\t\
[info hostname]\t\
[IP::local_addr]\t\
[clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\
[IP::client_addr]\t\
$cs_username\t\
[clientside {IP::local_addr}]\t\
$cs_uri_stem\t\
$cs_uri_query\t\
[HTTP::status]\t\
[HTTP::header Content-Length]\t\
[expr {[clock clicks -milliseconds] - $req_start}]\t\
[HTTP::version]\t\
\"$ua\"\t\
$cookies\t\
$referer\
"]\n"
}
Brad_ParkerCirrus
HTTP_RESPONSE won't be triggered if you are redirecting the traffic with no response coming from you pool member. HTTP_RESPONSE is a server side event.
https://devcentral.f5.com/questions/irule-event-order-http
goyogiThat's what I was thinking. Thanks for the logic map!
- goyogi
I combined it into one irule and removed the HTTP_RESPONSE. It's working as expected. Thanks!
when CLIENT_ACCEPTED { Open a new high speed logging connection to the syslog pool named syslog_server_pool set hsl [HSL::open -proto UDP -pool test.syslog.pool] } when HTTP_REQUEST priority 999 { Save request variables that are not accessible in HTTP_RESPONSE, like the URI, request method, etc HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] set req_start [clock clicks -milliseconds] set cs_username [HTTP::username] set cs_uri_stem [HTTP::path] set cs_uri_query [HTTP::query] set cs_bytes [HTTP::header Content-Length] set ua [HTTP::header User-Agent] set cookies [HTTP::header values Cookie] set referer [HTTP::header Referer] HSL::send $hsl "[string map [list "\t \t" "\t-\t"]\ "<134>\t\ [info hostname]\t\ [IP::local_addr]\t\ [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\ [IP::client_addr]\t\ $cs_username\t\ [clientside {IP::local_addr}]\t\ $cs_uri_stem\t\ $cs_uri_query\t\ 302\t\ [HTTP::header Content-Length]\t\ [expr {[clock clicks -milliseconds] - $req_start}]\t\ [HTTP::version]\t\ \"$ua\"\t\ $cookies\t\ $referer\ "]\n" }