Forum Discussion
NimbostratusICAP with iRule Response Page without ASM
Hello,
Firstly sorry for my english :-)
We are running Big IP LTM 11.5.1 Build 7.0.167 Hotfix HF7.
We set up Content Adaptation for HTTP request to check files uploaded through one of our website using ICAP.
We follow this https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-1/14.htmlunique_1613576295
It is working fine BUT there is always a "but", in case a virus is detected the ICAP servers modify the response to the initial POST with its own response page saying "a virus has been detected bla bla bla"
The web page is ugly so we would like to redirect the end-user to a dedicated and corporate web page of our web site saying " we are sorry but we detect a virus within your upload so your files have been refused"
Within our irule, we used the event "ADAPT_REQUEST_RESULT" to set up a variable to 1 when a virus is found, this working =>
when ADAPT_REQUEST_RESULT {
set ADAPTvar 0
if { ([ADAPT::result request] contains "respond") }{
set ADAPTvar 1
log local0. "ICAP: Check ADAPT VAR: == $ADAPTvar => Virus Found"
}
} else {
set ADAPTvar 0
log local0. "ICAP: Check ADAPT VAR: == $ADAPTvar => Virus NOT Found"
}
}
But we are unable to find a event where to use this variable to send a redirect :-(
The test is simple :
if { [info exists ADAPTvar] && $ADAPTvar == 1} {
log local0. "ICAP: ADAPT VAR Virus Found"
}
The test failed within : HTTP_REQUEST_RELEASE, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA...
The test is ok within : HTTP_RESPONSE_RELEASE but in this event the redirect is not allowed (HTTP:redirect or HTTP::response).
How could we redirect the POST of the user to a dedicated page within our website if a virus is found using ICAP internal VS ?
Many thanks in advance for any help on this matter: I am stuck for 2 days now...
Regards,
Icham B.
14 Replies
BichamI forgot to say that the logs from the event : ADAPT_REQUEST_RESULT are OK. So we are able within the Standard VS in front of our website to determine if a virus was found or not. But we are unable to use this information to respond with a dedicated web page to this. I found a nice solution (very instructive in devcentral as usual) but it needs ASM. Unfortunately we do not have ASM.- Bicham
Please, could someone provide advice or idea on this issue ?
- Bicham
Found the solution => need to upgrade the LTM to v11.6.0 HF6 at least to be able to perform a redirect into the event HTTP_RESPONSE_RELEASE...
BobbyHi Bicham,will you be able to share your irule and which vs to input?
Vijay_JainAltostratus
Can you share the Irule which you used to redirect the page.
rahulpr_134840Hi Bicham,how you fixed it?
- MS_273769
Hi Bicham I am having exactly the same problem and have also updated the F5 firmware to 11.6.1 but it is not allowing me to use HTTP_RESPONSE_RELEASE. Could you please share some knowledge how you fixed it. Thanks in advance.
Cheers MS
- boneyard
MVP
Bicham doesn't seem to have logged in since 2015, how doesn't the F5 allow you to use HTTP_RESPONSE_RELEASE?
- MS_273769
when i try to configure following i receive the following error message:
when HTTP_RESPONSE_RELEASE { if { $VirusDetected == 1 } { HTTP::redirect "http://10.101.10.1:4713/files/attachment_blocked.html"
} }Error Message:
01070151:3: Rule [/Axx-xx-EXTRANET/_ICAP_nonprod_redirect_request_adaptaion] error: /Axx-xx-EXTRANET/xx_ICAP_nonprod_redirect_request_adaptaion:22: error: [command is not valid in current event context (HTTP_RESPONSE_RELEASE)][HTTP::redirect "http://10.101.10.1:4713/files/attachment_blocked.html"]
- Vijay_Jain
I tried the same on 13.1.1 and got the same error. Is this fix for you?
