Forum Discussion

Adrien_Legros_1's avatar
Adrien_Legros_1
Icon for Altostratus rankAltostratus
Apr 13, 2012

Insert the ASM support ID in the headers

We want to insert the ASM support id for each request that goes through the BigIP (Good or bad). When I tried the following code, I receive errors in the LTM logs.

 

I'm using version 11.1 hotfix 2.

 

Has someone already did this ?

 

 

Thanks for your help.

 

 

Code we tried:

 

 

when HTTP_REQUEST_SEND { log local0. "\[ASM::violation_data\]: [ASM::violation_data]" clientside { Insert a header in requests with the ASM Support ID HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1] log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]" } }

9 Replies

  • just wondering if good request has ASM support id.

     

     

    regarding the irule, is ASM::violation_data valid in HTTP_REQUEST_SEND event?

     

     

    ASM::violation_data wiki

     

    https://devcentral.f5.com/wiki/iRules.ASM__violation_data.ashx
  • I know that a support id is created for every request as our ASM log everything to a syslog and an id is always present.
  • Errors message that we have:

     

     

    Fri Apr 13 14:07:14 CEST 2012 info tmm1 tmm1[7656] 01220008 Unable to resume pending rule event HTTP_REQUEST_SEND for closed 193.53.48.1:10985->193.53.57.43:80 (listener: /Common/www-test)

     

  • Can you try HTTP_REQUEST_RELEASE instead?

    
    when HTTP_REQUEST_RELEASE {
     log local0. "\[ASM::violation_data\]: [ASM::violation_data]"
    clientside {
     Insert a header in requests with the ASM Support ID 
    log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]"
    HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1] 
    }
    }
    

    Aaron
  • i have to remove clientside {} in the irule.

    root@ve1110(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.19.252:80
        http-class {
            asmclass
        }
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            http { }
            tcp { }
        }
        rules {
            myrule
        }
        snat automap
        vlans-disabled
    }
    root@ve1110(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
                priority-group 10
            }
        }
        min-active-members 1
    }
    root@ve1110(Active)(/Common)(tmos) list ltm rule myrule
    ltm rule myrule {
        when HTTP_REQUEST_RELEASE {
       log local0. "\[ASM::violation_data\]: [ASM::violation_data]"
       HTTP::header insert ASM-SUPPORT-ID [lindex [ASM::violation_data] 1]
       log local0. "ASM-SUPPORT-ID: [HTTP::header ASM-SUPPORT-ID]"
    }
    }
    
     packet trace
    
    [root@ve1110:Active] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.19.251(39744) <-> 172.28.19.252(80)
    1334326859.3323 (0.0009)  C>S
    ---------------------------------------------------------------
    GET / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.252
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.11(39744) <-> 200.200.200.101(80)
    1334326859.3389 (0.0040)  C>S
    ---------------------------------------------------------------
    GET / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.252
    Accept: */*
    ASM-SUPPORT-ID: 11937397497950896179
    
    ---------------------------------------------------------------
    
     ltm log
    
    [root@ve1110:Active] config  cat /var/log/ltm
    Apr 13 07:20:54 tmm notice tmm[7321]: 013e0001:5: Tcpdump starting bcast on 127.1.1.2:2 from 127.1.1.1:34736
    Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : [ASM::violation_data]: {} 11937397497950896179 /Common/asmclass Informational 172.28.19.251 {} alarmed
    Apr 13 07:20:59 tmm info tmm[7321]: Rule /Common/myrule : ASM-SUPPORT-ID: 11937397497950896179
    Apr 13 07:21:34 tmm notice tmm[7321]: 013e0002:5: Tcpdump stopping on 127.1.1.2:2 from 127.1.1.1:34736
    
  • this is from wiki.

     

     

    Most HTTP commands should work in this event. The following commands are disallowed for HTTP_REQUEST_RELEASE:

     

     

    HTTP::collect

     

    HTTP::fallback

     

    HTTP::payload

     

    HTTP::redirect

     

    HTTP::release

     

    HTTP::respond

     

    HTTP::retry

     

    HTTP_REQUEST_RELEASE wiki

     

    https://devcentral.f5.com/wiki/irules.HTTP-REQUEST-RELEASE.ashx
  • It works like a charm !!!

     

     

    Thanks a lot for your help, again a fast and great support on Devcentral.