Adrien_Legros_1 (Altostratus), Apr 13, 2012
Insert the ASM support ID in the headers
We want to insert the ASM support ID for each request that goes through the BigIP (good or bad). When I tried the following code, I received errors in the LTM logs.
I'm using version 11.1 hotfix 2.
Has anyone already done this?
Thanks for your help.
Code we tried:

    when HTTP_REQUEST_SEND {
        log local0. "\[ASM::violation_data\]: [ASM::violation_data]"
        clientside {
            # Insert a header in requests with the ASM Support ID
            HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1]
            log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]"
        }
    }

- nitass (Employee): Just wondering if a good request has an ASM support ID.
- Adrien_Legros_1 (Altostratus): I know that a support ID is created for every request, as our ASM logs everything to a syslog and an ID is always present.
- Adrien_Legros_1 (Altostratus): Error messages that we have:
- hoolio (Cirrostratus): Can you try HTTP_REQUEST_RELEASE instead?

      when HTTP_REQUEST_RELEASE {
          log local0. "\[ASM::violation_data\]: [ASM::violation_data]"
          clientside {
              # Insert a header in requests with the ASM Support ID
              log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]"
              HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1]
          }
      }

- nitass (Employee): I have to remove clientside {} in the iRule.

      root@ve1110(Active)(/Common)(tmos)# list ltm virtual bar
      ltm virtual bar {
          destination 172.28.19.252:80
          http-class {
              asmclass
          }
          ip-protocol tcp
          mask 255.255.255.255
          pool foo
          profiles {
              http { }
              tcp { }
          }
          rules {
              myrule
          }
          snat automap
          vlans-disabled
      }
      root@ve1110(Active)(/Common)(tmos)# list ltm pool foo
      ltm pool foo {
          members {
              200.200.200.101:80 {
                  address 200.200.200.101
                  priority-group 10
              }
          }
          min-active-members 1
      }
      root@ve1110(Active)(/Common)(tmos)# list ltm rule myrule
      ltm rule myrule {
          when HTTP_REQUEST_RELEASE {
              log local0. "\[ASM::violation_data\]: [ASM::violation_data]"
              HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1]
              log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]"
          }
      }

  packet trace

      [root@ve1110:Active] config # ssldump -Aed -nni 0.0 port 80
      New TCP connection #1: 172.28.19.251(39744) <-> 172.28.19.252(80)
      1334326859.3323 (0.0009) C>S
      ---------------------------------------------------------------
      GET / HTTP/1.1
      User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
      Host: 172.28.19.252
      Accept: */*
      ---------------------------------------------------------------
      New TCP connection #2: 200.200.200.11(39744) <-> 200.200.200.101(80)
      1334326859.3389 (0.0040) C>S
      ---------------------------------------------------------------
      GET / HTTP/1.1
      User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
      Host: 172.28.19.252
      Accept: */*
      ASM-SUPPORT-ID: 11937397497950896179
      ---------------------------------------------------------------

  ltm log

      [root@ve1110:Active] config # cat /var/log/ltm
      Apr 13 07:20:54 tmm notice tmm[7321]: 013e0001:5: Tcpdump starting bcast on 127.1.1.2:2 from 127.1.1.1:34736
      Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : [ASM::violation_data]: {} 11937397497950896179 /Common/asmclass Informational 172.28.19.251 {} alarmed
      Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : ASM-SUPPORT-ID: 11937397497950896179
      Apr 13 07:21:34 tmm notice tmm[7321]: 013e0002:5: Tcpdump stopping on 127.1.1.2:2 from 127.1.1.1:34736

- nitass (Employee): This is from wiki.
- hoolio (Cirrostratus): Thanks for testing this Nitass.
- nitass (Employee): You are welcome Aaron :-)
- Adrien_Legros_1 (Altostratus): It works like a charm !!!
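
To correlate the inserted header with the rule's log output, here is an added example (not code from any poster in this thread): it parses the `[ASM::violation_data]` lines of the ltm log shown above and resolves a support ID that a backend received in the `ASM-SUPPORT-ID` header. The field names, the 20-digit decimal check, and the third sample log line are assumptions made for the example.

```python
import re

# Constructed sample: lines 1-2 are the thread's rule log lines, line 3 is made up.
SAMPLE_LTM_LOG = """\
Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : [ASM::violation_data]: {} 11937397497950896179 /Common/asmclass Informational 172.28.19.251 {} alarmed
Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : ASM-SUPPORT-ID: 11937397497950896179
Apr 13 07:21:10 tmm info tmm[7321]: Rule /Common/myrule : [ASM::violation_data]: {VIOLATION_A VIOLATION_B} 11937397497950896180 /Common/asmclass Error 172.28.19.251 {} blocked
"""
MARKER = "[ASM::violation_data]: "
# Assumed field names, in the order the values appear in the thread's log line.
FIELDS = "violations support_id web_application severity source_ip attack_type request_status".split()

def split_tcl_list(text):
    """Split a Tcl list into top-level elements; [] if braces are unbalanced."""
    items, buf, depth, in_word = [], [], 0, False
    for ch in text.strip() + " ":
        if ch == "{":
            if depth:
                buf.append(ch)
            depth, in_word = depth + 1, True
        elif ch == "}":
            if depth == 0:
                return []  # stray close brace
            depth -= 1
            if depth:
                buf.append(ch)
        elif ch.isspace() and depth == 0:
            if in_word:
                items.append("".join(buf))
                buf, in_word = [], False
        else:
            buf.append(ch)
            in_word = True
    return items if depth == 0 else []  # unclosed brace, e.g. a truncated line

def index_by_support_id(log_text):
    """Map support ID -> violation_data fields, one record per logged request."""
    index = {}
    for line in log_text.splitlines():
        values = split_tcl_list(line.partition(MARKER)[2])
        if len(values) == len(FIELDS):  # skip other lines and unexpected shapes
            record = dict(zip(FIELDS, values))
            record["violations"] = record["violations"].split()
            index[record["support_id"]] = record
    return index

def lookup(header_value, index):
    """Resolve an ASM-SUPPORT-ID header value; non-decimal input returns None."""
    return index.get(header_value) if re.fullmatch(r"[0-9]{1,20}", header_value) else None
```

The element at index 1 of each parsed list is the same value the iRule extracts with `lindex [ASM::violation_data] 1`.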