Forum Discussion

Stef_85923
Jul 29, 2011

HSS header modification

I am trying to create an iRule which will affect the HSS header, the source IP will be inserted in the new customer header (x-hss-auth) with a new on net/offnet flag. The iRule logic is the following:

Begin
{
    If source address = 172.16.4.0/24
        Extract handset source from x-wsb-sourceip from WAP Gateway
        Delete previous x-hss-auth entry;
        insert src address into x-hss-auth;
        set on net flag = 1 in x-hss-auth;
}
Else
{
    Delete previous x-hss-auth;
    If source address = [ address list]
    then {
        insert src address into x-hss-auth;
        set on net flag = 1 in x-hss-auth;
    }
    else {
        insert src address into x-hss-auth;
        Set on net flag = 0 in x-hss-auth
    }
}
End

So far, I am stuck at the extraction (I know it is the beginning). Any clue, advice, criticism is more than welcome.

class hss_wap_network { {
    network 172.16.4.0/24
} }

when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::hss_wap_network] } {
        HTTP::header replace XXXX [IP::client_addr]"

  • To assist you, would need the format of both the headers.

    x-wsb-sourceip
    x-hss-auth

    otherwise we don't know how to...

    - extract handset source from x-wsb-sourceip header
    - insert src address into x-hss-auth
    - set on net flag in x-hss-auth

  • Thanks for your answer, below is the iRule I have created but it is not complete as I still do not know how to extract:

    class On-Net {
    {
        network 10.37.0.0/16
        network 10.38.0.0/16
        network 10.45.0.0/16
        network 10.48.0.0/16
        network 10.54.0.0/16
        network 10.55.0.0/16
        network 10.56.0.0/16
        network 10.57.0.0/16
        network 10.67.0.0/16
        network 10.68.0.0/16
        network 10.69.0.0/16
        network 10.70.0.0/16
        network 10.118.0.0/16
        network 10.120.0.0/16
        network 10.121.0.0/16
        network 10.122.0.0/16
        network 10.123.0.0/16
        network 10.124.0.0/16
        network 10.125.0.0/16
        network 10.125.0.0/16
        network 10.126.0.0/16
        network 10.127.0.0/16
        network 10.129.0.0/16
        network 10.162.0.0/16
        network 10.163.0.0/16
        network 10.167.0.0/16
        network 10.169.0.0/16
        network 10.174.0.0/16
        network 10.187.0.0/16
        network 10.189.0.0/16
        network 10.197.0.0/16
        network 10.198.0.0/16
        network 10.199.0.0/16
        network 10.206.0.0/16
        network 101.112.0.0/16
        network 101.113.0.0/16
        network 101.114.0.0/16
        network 101.115.0.0/16
        network 101.116.0.0/16
        network 101.117.0.0/16
        network 101.118.0.0/16
        network 120.16.0.0/16
        network 120.17.0.0/16
        network 120.18.0.0/16
        network 120.19.0.0/16
        network 120.20.0.0/16
        network 120.21.0.0/16
        network 120.22.0.0/16
        network 120.23.0.0/16
    }
    }

    class WAP {
    {
        network 172.16.4.0/24
    }
    }

    rule hss-auth-test {
    timing on
    when CLIENT_ACCEPTED {
        # go through request and remove all instances of the unwanted headers
        # (X-Net-Info, X-Forwarded-For in this example)
        foreach header {X-Net-Info X-Forwarded-For} {
            log local0. "Removing $header: [HTTP::header value $header ]"
            HTTP::header remove $header
        }
        # Check if the client coming from Smartphone or WAP Gateway On-Net
        if {[[matchclass [IP::client_addr] equals $::WAP]} {
            HTTP::header insert X-HSS-Auth [IP::x-wsbsourceip, 0.0.0.1 ]
        elseif {[class match [IP::client_addr] equals On-Net]} {
            HTTP::header insert X-HSS-Auth [IP::client_addr, 0.0.0.1]
            log local0. "My IP address is : [IP::client_addr]. I'm On-net - WAP Gateway if my address is from 172.16.4.0/24 range otherwise I'm Smarthphone"
            return
        }
        else {
            # The customer is coming from Internet and is Off-Net
            HTTP::header insert X-HSS-Auth[IP::client_addr, 0.0.0.0]
        }
    }
    }

    when HTTP_REQUEST {
        # Inspect Header find x-wsbsourceip and get IP and set variable
        set names [HTTP::header x-wsbsourceip]
        foreach name $ x-wsbsourceip {
            set val [HTTP::header value $ x-wsbsourceip]
            log local0. " $ x-wsbsourceip: $WAP – SOURCE IP"
        }
    }

  • Hi,

    From what I can see there are a few issues with the code above.

    [IP::x-wsbsourceip, 0.0.0.1] is not a valid command. You cannot use IP:: with whatever variable name you are using. It's a specific command or nothing. [IP::client_addr] is a valid command and will return the client's IP address.

    [IP::client_addr, 0.0.0.1] is not a valid command. IP::client_addr command does not accept any parameters at all. Only [IP::client_addr] is valid.

    foreach name $ x-wsbsourceip { should read...

    foreach name $x-wsbsourceip {

    You have a space between the $ and the variable name. The subsequent lines have the same problem.

    This following block of code handles the CLIENT ACCEPTED event but it does nothing...

    when CLIENT_ACCEPTED {
        # go through request and remove all instances of the unwanted headers
        # (X-Net-Info, X-Forwarded-For in this example)
        foreach header {X-Net-Info X-Forwarded-For} {
            log local0. "Removing $header: [HTTP::header value $header ]"
            HTTP::header remove $header
        }

    Assuming the last line with "}" is in error... the subsequent commands cannot be used. The CLIENT_ACCEPTED event is a TCP event (OSI layer 3) and not an HTTP (OSI layer 7) so IP::client_addr is valid where HTTP::header is not. HTTP is layer 7 and only available inside the HTTP events.

  • This code injects the X-HSS-Auth header to reflect the source of the traffic
    The header x-wsbsourceip should exist in the incoming request when coming from WAP networks
    X-HSS-Auth is x.x.x.x,0.0.0.y where x is the source address, y is 0 for internet or 1 for On-Net/WAP traffic

    when HTTP_REQUEST {
        # remove headers we don't want (HTTP::header remove takes one name per call)
        HTTP::header remove X-Net-Info
        HTTP::header remove X-Forwarded-For
        # drop any X-HSS-Auth the client sent, so only the value set below reaches the server
        HTTP::header remove X-HSS-Auth
        # inject header to show where we came from
        if { [class match [IP::client_addr] equals WAP] } {
            set header "[HTTP::header value x-wsbsourceip],0.0.0.1"
        } elseif { [class match [IP::client_addr] equals On-Net] } {
            set header "[IP::client_addr],0.0.0.1"
        } else {
            set header "[IP::client_addr],0.0.0.0"
        }
        HTTP::header insert X-HSS-Auth $header
        log "My IP address is [IP::client_addr]. My new header X-HSS-Auth: $header"
    }

    Hope that helps.
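
The rule in the last reply copies x-wsbsourceip into X-HSS-Auth exactly as received. As an added example (not code from this thread), the variant below accepts the gateway's header only when it holds a single well-formed IPv4 address. It assumes the WAP and On-Net data groups posted earlier; the fallback of reporting the gateway's own address with flag 0.0.0.0 when the header is missing or malformed is an assumed policy, not something the thread specifies.

```tcl
# Added example, not from the thread. Data groups WAP and On-Net are the
# ones posted above; the fallback policy below is an assumption.
when HTTP_REQUEST {
    # Remove every inbound copy of the headers this rule owns or discards,
    # so nothing the client sent under these names reaches the server.
    HTTP::header remove X-HSS-Auth
    HTTP::header remove X-Net-Info
    HTTP::header remove X-Forwarded-For

    # Default: connection address, flagged off-net.
    set src  [IP::client_addr]
    set flag 0.0.0.0

    if { [class match [IP::client_addr] equals WAP] } {
        # Only connections from the WAP gateway range may vouch for a handset.
        set handset [string trim [HTTP::header value x-wsbsourceip]]

        # Accept one dotted quad only. The regexp rejects lists, ports and
        # embedded separators; IP::addr raises an error on octets it cannot
        # parse (for example 999), which catch turns into a rejection.
        if { [regexp {^(\d{1,3}\.){3}\d{1,3}$} $handset] &&
             ![catch { IP::addr $handset mask 255.255.255.255 }] } {
            set src  $handset
            set flag 0.0.0.1
        } else {
            # Assumed policy: do not forward an unverifiable handset address.
            log local0.warning "x-wsbsourceip missing or malformed from gateway [IP::client_addr]"
        }
    } elseif { [class match [IP::client_addr] equals On-Net] } {
        set flag 0.0.0.1
    }

    # x-wsbsourceip is never read for non-WAP clients, so a direct client
    # cannot use it to change what is written here.
    HTTP::header insert X-HSS-Auth "$src,$flag"
    log local0. "client [IP::client_addr] -> X-HSS-Auth: $src,$flag"
}
```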