Forum Discussion
BharatSharda
Altostratus
AltostratusInsert text to HTTP header via iRule event during APM execution
Hi Community Members, We are trying to insert some text to HTTP header through an iRule which will check for ACCESS_POLICY_AGENT_EVENT generated by via iRule event during an APM checking. Event "...
HTTP_REQUEST_SEND is also one of the event can be used to send the APM variable.
https://support.f5.com/csp/article/K74392192
so worth trying below. modify as needed.
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "event_1" } { ACCESS::session data set session.custom.header "value" set header [ACCESS::session data get "session.custom.header"] } } when HTTP_REQUEST_SEND { clientside { if {[info exists header]}{ HTTP::header insert "headername" $header } else { return } } }
Nikoolayy1
MVP
MVPYou want to insert the header in the request or response ?
Try with "ACCESS_POLICY_COMPLETED" or "HTTP_REQUEST" or "ACCESS_ACL_ALLOWED" or even "HTTP_REQUEST" to do this.
You may also see:
https://devcentral.f5.com/s/question/0D71T000006gzth/detail?s1oid=00D00000000hXqv&s1nid=0DB1T0000008Ony&emkind=chatterCommentNotification&s1uid=0051T000008eyBa&emtm=1617222886798&fromEmail=1&s1ext=0
BharatShardaAltostratus
AltostratusHi Nikoolayy1,
Thank you for your suggestion.
Our expectation is to insert the header when the flow goes through just a certain APM check (branch path) and a certain condition is met, that is because we tried to use ACCESS_POLICY_AGENT_EVENT. Header should not be added by any other APM branch.
If we use "ACCESS_POLICY_COMPLETED" or "HTTP_REQUEST" or "ACCESS_ACL_ALLOWED" or even "HTTP_REQUEST", header will be added for all the checks, not just by a specific APM.
spalandeNacreous
May be worth to try something like below. Let us know how the testing goes
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "event_1" } { ACCESS::session data set session.custom.header "value" set header [ACCESS::session data get "session.custom.header"] } } when ACCESS_POLICY_COMPLETED { if {[info exists header]}{ HTTP::header replace "headername" $header } else { return } }- BharatSharda
Hi SanjayP,
Thank you for your reply.
I tried to set the same under a single iRule as well as 2 separate iRules with ( when function each) to be executed one after another, but no luck.
The session.custom.header is getting set in first when block, but after the execution completion of APM, the header replace\insertion is still not working.
- spalande
Can you enable some logging and see what's happeing. also edit the iRule to add "insert header"
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "event_1" } { ACCESS::session data set session.custom.header "value" set header [ACCESS::session data get "session.custom.header"] log local0. "header: $header" } } when ACCESS_POLICY_COMPLETED { if {[info exists header]}{ log local0. "header found" HTTP::header insert "headername" $header log local0. "header inserted with value $header" } else { log local0. "no header added as event doesn't match" return } }"
- Nikoolayy1
I think that to set headers or cookies with the event "ACCESS_POLICY_COMPLETED", you need to use the "ACCESS::respond", as I gave in the example in my previous update as "ACCESS_POLICY_COMPLETED" by default does not overide the default APM response after the policy check is completed:
Example:
https://clouddocs.f5.com/api/irules/ACCESS_POLICY_COMPLETED.html
The "ACCESS_ACL_ALLOWED" can be tested as it seems much easy and you can just add a header. So maybe just replace "ACCESS_POLICY_COMPLETED" with "ACCESS_ACL_ALLOWED" on the conbined iRule and if there are issues try "ACCESS::respond" with the event "ACCESS_POLICY_COMPLETED" and enable logs with ''log local0'' to see where is the issues.
- BharatSharda
Hi Nikoolayy1,
"ACCESS_POLICY_COMPLETED" with "ACCESS_ACL_ALLOWED" on the conbined iRule didn't helped much. But yes enabling log local0 helped to trace the flow. Thanks much for your help. Cheers.