Forum Discussion
qqdixf5_74186
Nimbostratus
Dec 17, 2007
http::retry question
I am having some problems with a rule which uses the http::retry command. What I am trying to do here is authenticating the request against an external service. When a request comes in, an auth request is s...
qqdixf5_74186
Nimbostratus
Jan 03, 2008
Here is the current rule which is working. Thanks for taking a look!
when CLIENT_ACCEPTED {
    # set the flag to control lookup
    set lookup 0
}
when HTTP_REQUEST {
    # check lookup flag. Value 0 means the request needs to be authenticated.
    if { $lookup == 0 } {
        log local0. "Start Authentication Process..."
        # save the original request and original payload and payload length
        set original_request [HTTP::request]
        set original_payload [HTTP::payload]
        set original_payload_length [HTTP::payload length]
        log local0.debug "Original Request = $original_request"
        log local0.debug "Original Payload = $original_payload"
        # authenticate against auth service
        set token_id "i0adc5d150456711529677be25a1b52e6"
        # clean the auth request payload
        HTTP::payload replace 0 $original_payload_length " "
        # inject lookup URI in place of original request
        HTTP::uri "/AuthService/ValidateToken.jsp?token=$token_id"
        # remove extra headers from the auth request
        HTTP::header sanitize "Host"
        log local0.debug "Sending Auth Request to AUTH_SERVICE pool = [HTTP::request]"
        pool AUTH_SERVICE
    } else {
        log local0.info "Request is authenticated, sending it to service pool"
        # correct the request payload and content length
        set retry_payload_length [HTTP::payload length]
        HTTP::payload replace 0 $retry_payload_length $original_payload
        if { [HTTP::header exists "Content-Length"] } {
            HTTP::header replace "Content-Length" $original_payload_length
        }
        log local0.debug "Request = [HTTP::request]"
        log local0.debug "Payload = [HTTP::payload]"
        pool SERVICE_POOLA
    }
}
when HTTP_RESPONSE {
    # collect first response (from lookup server) only
    if { $lookup == 0 } {
        log local0.debug "Received Auth Response from Sso service"
    } else {
        log local0.debug "Received Response for original request"
    }
    HTTP::collect 1
}
when HTTP_RESPONSE_DATA {
    set payload [HTTP::payload]
    if { $lookup == 0 } {
        # check if the auth payload contains "Accepted". If so, replay the original request.
        if { $payload contains "Accepted" } {
            log local0.info "Request authenticated. Now send the original request to the backend service pool = $original_request"
            set lookup 1
            pool SERVICE_POOLA
            HTTP::retry $original_request
        } else {
            log local0.info "Request Denied. No request will be sent to backend service pool"
            reject
        }
    } else {
        log local0.debug "Original Response Payload = $payload"
    }
}
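Added example, not part of the original post and not F5 code: a small Python model of the rule's `lookup` flag, which is set to 0 in CLIENT_ACCEPTED and never set back after it becomes 1. It replays two requests on one keep-alive connection to show what that means for the second request, next to a variant that re-arms the check. The class, the `reset_after_response` switch and the sample verdicts are hypothetical and constructed for illustration; the event ordering is a simplification.

```python
# Simplified model (an assumption, not iRule code) of the rule's per-connection state.
# Connection, reset_after_response and the auth verdicts are hypothetical names/data.

class Connection:
    """One client TCP connection; 'lookup' lives for the whole connection."""

    def __init__(self, auth_verdicts, reset_after_response=False):
        self.lookup = 0                            # CLIENT_ACCEPTED: set lookup 0
        self.auth_verdicts = list(auth_verdicts)   # constructed auth-service replies
        self.reset_after_response = reset_after_response
        self.auth_calls = 0
        self.original_payload = None

    def _auth_service(self):
        # Stands in for the AUTH_SERVICE pool answering ValidateToken.jsp.
        self.auth_calls += 1
        return self.auth_verdicts.pop(0)

    def handle(self, payload):
        """Process one HTTP request; return (outcome, payload sent to SERVICE_POOLA)."""
        if self.lookup == 0:                       # HTTP_REQUEST, lookup branch
            self.original_payload = payload
            if "Accepted" not in self._auth_service():   # HTTP_RESPONSE_DATA check
                return ("rejected", None)
            self.lookup = 1                        # followed by HTTP::retry
        # HTTP_REQUEST with lookup == 1: payload is replaced by the saved one
        forwarded = self.original_payload
        if self.reset_after_response:              # variant: re-arm for next request
            self.lookup = 0
        return ("forwarded", forwarded)


def replay(reset_after_response):
    """Two requests on one keep-alive connection; auth would deny the second."""
    conn = Connection(["Accepted", "Denied"], reset_after_response)
    results = [conn.handle("payload-1"), conn.handle("payload-2")]
    return results, conn.auth_calls


if __name__ == "__main__":
    for mode in (False, True):
        print("reset_after_response =", mode, "->", replay(mode))
```

With the flag left at 1, the second request is never checked against the auth service and is forwarded carrying the first request's saved payload; with the flag reset after each replayed request, every request on the connection is validated.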