Forum Discussion
chenchiiren_213
Nimbostratus
NimbostratusHTTP Payload Log
I want to analyze http response content. So, i wrote an irule code as below:
when HTTP_REQUEST {
set replace_content 1
HTTP::header remove "Accept-Encoding"
if { [HTTP::version] eq "1.1" } {
if { [HTTP::header is_keepalive] } {
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
}
when HTTP_RESPONSE {
if {$replace_content equals "1"} {
if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576}{
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
Check if $content_length is not set to 0
if { $content_length > 0} {
HTTP::collect $content_length
}
}
}
when HTTP_RESPONSE_DATA {
if {$replace_content equals "1"} {
set payload [HTTP::payload]
log $payload
}
}
But payload log as the image, how fix it ~
2 Replies
tatmotivCirrostratus
Why don't you exclude images in your last event, e.g. like that:
when HTTP_RESPONSE_DATA { if {$replace_content equals "1"} { if { not ([HTTP::header "Content-Type"] starts_with "Image/") } { set payload [HTTP::payload] log $payload } } }
Jad_Tabbara__J1You can see what "Content-Type" you are printing by logging the "Content-Type" header using
when HTTP_RESPONSE_DATA { if {$replace_content equals "1"} { set payload [HTTP::payload] log "Content-Type: [HTTP::header Content-Type]" log $payload } }If you need to print only readable "text" you may limit logging to "text" content-type by adding one condition :
when HTTP_RESPONSE { if { ($replace_content equals "1") AND ([HTTP::header "Content-Type"] contains "text") } { ...Regards
