Forum Discussion
Nicola_109119
Nimbostratus
NimbostratusHttp::collect to parse some data in the http request
Hi guys,
I am having troubles on some http payload (xml soap) that I can't see in an irule (once I see it, i'd be able to parse some data and allow or drop traffic).
I have tried to tcpdumpo the traffic (-s0) and I see all the soap request sent from a device to the server that is behind the Bigip, there's no limit, the soap request is complete with tcpdump.
In this xml soap (a sequence of values in this format):
(value)16(/value)
(value2)222(/value2)
.
.
.
I need to parse a specific field and then to compare it with a string, if they match, go otherwise drop, not too difficult.
Issue is that with my irule I can see only a part of the soap xml, and more than the last half of it is missing and not collected:
Here my Irule:
when HTTP_REQUEST {
HTTP::collect 2151
}
when HTTP_REQUEST_DATA {
log local0. " payload [HTTP::payload]"
}
When I'll be able to see the payoad in full, then I could use findstr to parse the string I need and do my tests.
As told, in /var/log/ltm I see just part of the Soap xml, the rest is just "not collected, and not logged".
Any reason why ?
Even replacing the value (that I saw with the tcpdump) of 2151 did not solve:
HTTP::collect [HTTP::header Content-Length]
I am stuck :/
Thx a lot to anyone who has some tips.
Nicola
hooleylistCirrostratus
Hi Nicola,
Can you post an anonymized copy of the request headers and payload? You can use tcpdump to capture this:
tcpdump -nni 0.0 -Xs0 host CLIENT_IP
Thanks, Aaron
Nicola_DTThanx for the answer Hoolio,
it happened that I managed to have the full payload, issue is the command "log local0." that only logs part of the full payload.
The log local0. is buggy, but the bigip is not :), I was able to parse with findstrthe full payload and to do all my test/substitution in it.
All's well.
Thanx,
Nicola.