For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stef_85923's avatar
Stef_85923
Icon for Nimbostratus rankNimbostratus
Jul 29, 2011

HSS header modification

I am trying to create an iRule wihci will affect the HSS header, the source IP will be be inserted in the new customer header (x-hss-auth) with a new on net/offnet flag. The iRule logic is the follw...
application delivery
dev
devops
iRules
Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Aug 02, 2011
Hi,

 

 

From what i can see there are a few issues with the code above.

 

 

[IP::x-wsbsourceip, 0.0.0.1] is not a valid command. You cannot use IP:: with whatever variable name you are using. Its a specific command or nothing. [IP::client_addr] is valid command and will return the clients IP address.

 

[IP::client_addr, 0.0.0.1] is not a valid command. IP::client_addr command does not accept any parameters at all. Only [IP::client_addr] is valid.

 

foreach name $ x-wsbsourceip { should read...

 

foreach name $x-wsbsourceip {

 

You have a space between the $ and the variable name. The subsequent lines have the same problem.

 

 

This following block of code handles the CLIENT ACCEPTED event but it does nothing...

 

 

when CLIENT_ACCEPTED {

 

go through request and remove all instances of the unwanted headers

 

(X-Net-Info, X-Forwarded-For in this example)

 

foreach header {X-Net-Info X-Forwarded-For} {

 

log local0. "Removing $header: [HTTP::header value $header ]"

 

HTTP::header remove $header

 

}

 

 

Assuming the last line with "}" is in error... the subsequent commands cannot be used. The CLIENT_ACCEPTED event is a TCP event (OSI layer 3) and not a HTTP (OSI layer 7) so IP::client_addr is valid where HTTP::header is not. HTTP is layer 7 and only available inside the HTTP events.