HSS header modification
I am trying to create an iRule which will affect the HSS header: the source IP will be inserted in the new customer header (x-hss-auth) with a new on net/off net flag. The iRule logic is the following:
Begin
{
If source address = 172.16.4.0/24
Extract handset source from x-wsb-sourceip from WAP Gateway
Delete previous x-hss-auth entry;
insert src address into x-hss-auth;
set on net flag = 1 in x-hss-auth;
}
Else
{
Delete previous x-hss-auth;
If source address = [ address list]
then {
insert src address into x-hss-auth;
set on net flag = 1 in x-hss-auth;
}
else {
insert src address into x-hss-auth;
Set on net flag = 0 in x-hss-auth
}
}
End
So far, I am stuck at the extraction (I know it is the beginning). Any clue, advice or criticism is more than welcome.
class hss_wap_network { {
network 172.16.4.0/24
} }
when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals $::hss_wap_network] } {
HTTP::header replace XXXX [IP::client_addr]"
5 Replies
- Kevin_Davies_40
Nacreous
To assist you, we would need the format of both the headers.
x-wsb-sourceip
x-hss-auth
Otherwise we don't know how to...
- extract handset source from x-wsb-sourceip header
- insert src address into x-hss-auth
- set on net flag in x-hss-auth
- Stef_85923
Nimbostratus
Thanks for your answer. Below is the iRule I have created, but it is not complete as I still do not know how to extract:
class On-Net {
{
network 10.37.0.0/16
network 10.38.0.0/16
network 10.45.0.0/16
network 10.48.0.0/16
network 10.54.0.0/16
network 10.55.0.0/16
network 10.56.0.0/16
network 10.57.0.0/16
network 10.67.0.0/16
network 10.68.0.0/16
network 10.69.0.0/16
network 10.70.0.0/16
network 10.118.0.0/16
network 10.120.0.0/16
network 10.121.0.0/16
network 10.122.0.0/16
network 10.123.0.0/16
network 10.124.0.0/16
network 10.125.0.0/16
network 10.125.0.0/16
network 10.126.0.0/16
network 10.127.0.0/16
network 10.129.0.0/16
network 10.162.0.0/16
network 10.163.0.0/16
network 10.167.0.0/16
network 10.169.0.0/16
network 10.174.0.0/16
network 10.187.0.0/16
network 10.189.0.0/16
network 10.197.0.0/16
network 10.198.0.0/16
network 10.199.0.0/16
network 10.206.0.0/16
network 101.112.0.0/16
network 101.113.0.0/16
network 101.114.0.0/16
network 101.115.0.0/16
network 101.116.0.0/16
network 101.117.0.0/16
network 101.118.0.0/16
network 120.16.0.0/16
network 120.17.0.0/16
network 120.18.0.0/16
network 120.19.0.0/16
network 120.20.0.0/16
network 120.21.0.0/16
network 120.22.0.0/16
network 120.23.0.0/16
}
}
class WAP {
{
network 172.16.4.0/24
}
}
rule hss-auth-test {
timing on
when CLIENT_ACCEPTED {
# go through request and remove all instances of the unwanted headers
# (X-Net-Info, X-Forwarded-For in this example)
foreach header {X-Net-Info X-Forwarded-For} {
log local0. "Removing $header: [HTTP::header value $header ]"
HTTP::header remove $header
}
# Check if the client is coming from a Smartphone or WAP Gateway On-Net
if {[[matchclass [IP::client_addr] equals $::WAP]} {
HTTP::header insert X-HSS-Auth [IP::x-wsbsourceip, 0.0.0.1 ]
elseif {[class match [IP::client_addr] equals On-Net]} {
HTTP::header insert X-HSS-Auth [IP::client_addr, 0.0.0.1]
log local0. "My IP address is : [IP::client_addr]. I'm On-net - WAP Gateway if my address is from 172.16.4.0/24 range otherwise I'm Smarthphone"
return
}
else {
# The customer is coming from the Internet and is Off-Net
HTTP::header insert X-HSS-Auth[IP::client_addr, 0.0.0.0]
}
}
}
when HTTP_REQUEST {
# Inspect header, find x-wsbsourceip, get the IP and set a variable
set names [HTTP::header x-wsbsourceip]
foreach name $ x-wsbsourceip {
set val [HTTP::header value $ x-wsbsourceip]
log local0. " $ x-wsbsourceip: $WAP – SOURCE IP"
}
}
- Kevin_Davies_40
Nacreous
Hi,
From what I can see there are a few issues with the code above.
[IP::x-wsbsourceip, 0.0.0.1] is not a valid command. You cannot use IP:: with whatever variable name you are using. It's a specific command or nothing. [IP::client_addr] is a valid command and will return the client's IP address.
[IP::client_addr, 0.0.0.1] is not a valid command. IP::client_addr command does not accept any parameters at all. Only [IP::client_addr] is valid.
foreach name $ x-wsbsourceip { should read...
foreach name $x-wsbsourceip {
You have a space between the $ and the variable name. The subsequent lines have the same problem.
The following block of code handles the CLIENT_ACCEPTED event but it does nothing...
when CLIENT_ACCEPTED {
# go through request and remove all instances of the unwanted headers
# (X-Net-Info, X-Forwarded-For in this example)
foreach header {X-Net-Info X-Forwarded-For} {
log local0. "Removing $header: [HTTP::header value $header ]"
HTTP::header remove $header
}
Assuming the last line with "}" is in error... the subsequent commands cannot be used. The CLIENT_ACCEPTED event is a TCP event (OSI layer 3) and not an HTTP (OSI layer 7) event, so IP::client_addr is valid where HTTP::header is not. HTTP is layer 7 and only available inside the HTTP events.
- Kevin_Davies_40
Nacreous
# This code injects the X-HSS-Auth header to reflect the source of the traffic.
# The header x-wsbsourceip should exist in the incoming request when coming from WAP networks.
# X-HSS-Auth is x.x.x.x,0.0.0.y where x is the source address,
# y is 0 for internet or 1 for On-Net/WAP traffic.
when HTTP_REQUEST {
    # remove headers we don't want
    HTTP::header remove {X-Net-Info}
    HTTP::header remove {X-Forwarded-For}
    # inject header to show where we came from
    if { [class match [IP::client_addr] equals WAP] } {
        set header "[HTTP::header {x-wsbsourceip}],0.0.0.1"
    } elseif { [class match [IP::client_addr] equals On-Net] } {
        set header "[IP::client_addr],0.0.0.1"
    } else {
        set header "[IP::client_addr],0.0.0.0"
    }
    HTTP::header insert {X-HSS-Auth} $header
    log "My IP address is [IP::client_addr]. My new header X-HSS-Auth: $header"
}
Hope that helps.
- Stef_85923
Nimbostratus
Thanks a lot.
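A hardened variant of the HTTP_REQUEST rule discussed in this thread, added here as an example and not code posted by either participant: it also strips any client-supplied X-HSS-Auth (the "delete previous x-hss-auth" step in the original question) and copies x-wsbsourceip into the header only when it parses as a dotted-quad IPv4 address. It assumes the WAP and On-Net data groups from the thread exist; falling back to the gateway address on a bad value is a choice made for this example.

```tcl
when HTTP_REQUEST {
    # Remove every header this rule owns before computing anything, so a
    # value sent by the client can never reach the server next to ours.
    foreach name {X-HSS-Auth X-Net-Info X-Forwarded-For} {
        HTTP::header remove $name
    }

    set client [IP::client_addr]
    set src $client
    set flag 0

    if { [class match $client equals WAP] } {
        set flag 1
        # x-wsbsourceip is trusted only because the TCP peer is in the WAP
        # data group. It is still request data, so parse it instead of
        # copying it: four decimal fields of at most 3 characters, each
        # 0-255, with nothing after the last one.
        set raw [HTTP::header value x-wsbsourceip]
        set ok 0
        if { [scan $raw "%3d.%3d.%3d.%3d%s" a b c d rest] == 4 } {
            set ok 1
            foreach octet [list $a $b $c $d] {
                if { $octet < 0 || $octet > 255 } { set ok 0 }
            }
        }
        if { $ok } {
            # Rebuild the address from the parsed integers so stray
            # whitespace or signs in the raw value are not forwarded.
            set src "$a.$b.$c.$d"
        } else {
            # Assumption for this example: keep the gateway address.
            log local0. "x-wsbsourceip missing or malformed from $client"
        }
    } elseif { [class match $client equals On-Net] } {
        set flag 1
    }

    # Format from the thread: x.x.x.x,0.0.0.y with y = 1 for On-Net/WAP.
    HTTP::header insert X-HSS-Auth "$src,0.0.0.$flag"
}
```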
