For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

breasoner_11658's avatar
breasoner_11658
Icon for Nimbostratus rankNimbostratus
Mar 02, 2012

Inserting WL-Proxy-SSL header via iRule

Hello -       I have an application that is a bit strange in the sense that certain pages require the "WL-Proxy-SSL: true" request header to display all elements on the page via SSL, but o...
application delivery
dev
devops
iRules
breasoner_11658's avatar
breasoner_11658
Icon for Nimbostratus rankNimbostratus
Mar 02, 2012
Nothing that sensitive in the iRule, here's the full text. 


when HTTP_REQUEST {

   The Wfm3g Datagroup List
  set DATA_GROUP_LIST QA-Multiple-Portal

   Get the request Host
  set host [HTTP::host]

  Get the URI
  set uri [string tolower [HTTP::uri]]

   The Wfm3g session cookie name
  set wfm3g_cookie_name "JSESSIONID"
  
   The Jasper Server session cookie name
  set jasper_cookie_name "JASPERSESSIONID"
  
   The JasperServer web context
  set jasperreports_uri "/jasperserver-pro"

   The JasperServer is down URL
  set jasperisdownurl "/ute/jsp/reportingServerUnavailable.jsp"
  
   The default JasperServer Pool name. Used if one is not specified
   in the data group list for the client.
  set DEFAULT_JASPER_POOL "Default-Jasper-Pool"
  
   3G wfm context
    set wfm3g_wfm_uri "/wfm"
    
   Script Resource context
    set scriptresource_uri "/scriptresource.axd"
      
     Web Resource context
    set webresource_uri "/webresource.axd"
  
   Portal context
    set portal_uri "/portal"
    set DEFAULT_PORTAL_POOL "Portal-PMQA-Pool"
    
   Layouts context
    set layouts_uri "/_layouts"

   Set Header information
    set WLheader "WL-Proxy-SSL"
set WLheaderVal "true"
  
                             
   Retrieve the list of pools from the data group list
  set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ]

  Route requests to Portal.
    if { $uri starts_with $portal_uri }{
HTTP::header insert $WLheader $WLheaderVal
        Identify the Portal pool
          set portal_pool [getfield $clientPoolList " " 3]
          log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
              pool $portal_pool  
          return

     } elseif { $uri starts_with $layouts_uri }{
HTTP::header insert $WLheader $WLheaderVal
log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"
        Identify the Portal pool
          set portal_pool [getfield $clientPoolList " " 3]
          log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
              pool $portal_pool  
          return

     } elseif { $uri starts_with $scriptresource_uri }{
  HTTP::header insert $WLheader $WLheaderVal
  Identify the Portal pool
          set portal_pool [getfield $clientPoolList " " 3]
          log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
              pool $portal_pool  
          return
                 
     } elseif { $uri starts_with $webresource_uri }{
HTTP::header insert $WLheader $WLheaderVal
        Identify the Portal pool
        set portal_pool [getfield $clientPoolList " " 3]
        log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
            pool $portal_pool  
        return
  
  Route requests to Jasper.
     } elseif { $uri starts_with $jasperreports_uri }{
  
     Identify the Jasper pool
        set jasper_pool [getfield $clientPoolList " " 2]
      If Jasper pool is not explicitly set for the client, use default
        if { $jasper_pool eq "" }{
           set jasper_pool $DEFAULT_JASPER_POOL
           }
      Make sure there is at least one Jasper server running
        if { [active_members $jasper_pool] < 1 } {
           HTTP::redirect $jasperisdownurl
        } else {
          log local0.notice "Forwarding to Jasper Report pool: $jasper_pool. Uri: $uri"
          pool $jasper_pool
          return
        }
  
  Route WFM requests to 3G Pool
    } elseif { $uri starts_with $wfm3g_wfm_uri }{
        set wfm3g_pool [getfield $clientPoolList " " 1]
        log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri"
        pool $wfm3g_pool
      return 
             
   } elseif { $uri equals "/" }{
       
        HTTP::uri "/wfm"
        set wfm3g_pool [getfield $clientPoolList " " 1]
        log local0.notice "BLANK URI - Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri"
        pool $wfm3g_pool
      return 
         
  } else {
  
      Identify the 3G pool
      set wfm3g_pool [getfield $clientPoolList " " 1]
  foreach header {WL-Proxy-SSL} {
             log local0. "Removing $header: [HTTP::header value $header]"
           HTTP::header remove $header  
      log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri"
      pool $wfm3g_pool
      return
    }  
  }
}

when HTTP_RESPONSE {
  
   Secure the outbound Wfm3g cookie.
  if { [HTTP::cookie exists $wfm3g_cookie_name] } {
     HTTP::cookie secure $wfm3g_cookie_name enable
  }

   Secure the outbound JasperServer cookie.
  if { [HTTP::cookie exists $jasper_cookie_name] } {
     HTTP::cookie secure $jasper_cookie_name enable
  }
}

Here's the output of the Header log iRule when I insert the header via the http profile: 


Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : =============================================
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Client  -> 
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept: */*
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Referer: https://
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept-Language: en-US
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; MS-RTC LM 8; InfoPath.3)
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept-Encoding: gzip, deflate
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Host: 
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Connection: Keep-Alive
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Cookie: JSESSIONID=8mnLPQ1F6hWCs5JL2jqx1pt9FGbBnhRz9p5v2LXNH2yS3KnlhvCn!-721761555
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : WL-Proxy-SSL: true
Mar  2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : =============================================

And the Header log iRule output when I attempt to insert the header via the iRule: 


Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : =============================================
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Client  (request)
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Host: 
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept-Language: en-us,en;q=0.5
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept-Encoding: gzip, deflate
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Connection: keep-alive
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Cookie: JSESSIONID=wrbfPRQFpZVfJ2x1P78LfnLwyBy9chTyxyNpPLshVDhVNwyY0K0v!-721761555
Mar  2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : =============================================

My previous post had the output of the logger with the wrong http profile associated. Sorry for any confusion.