Forum Discussion
JoeK_10405
Nimbostratus
NimbostratusIntercept client request to fix broken app
Breakfix Needed. Client requests causes app to loop and eat all resources, and fix will take some weeks to migrate through to production. So in the meantime, I need to leverage/show off iRules in our Cisco only environment.
Client request:
> OPTIONS /storeWeb/authentication/AuthenticationServlet HTTP/1.1 Current server response:
< HTTP/1.1 401 Unauthorized Required response:
< HTTP/1.1 200 OK
< Allow: GET, HEAD, POST, TRACE, OPTIONS
< Content-Length: 0 Current iRule, which doesn't work:
when HTTP_REQUEST {
if { [HTTP::method] contains "OPTIONS" }
if {[HTTP::uri] contains "/authentication/AuthenticationServlet/"}
{[HTTP::version] eq "1.1" }
{
HTTP::respond HTTP::version 200 noserver
HTTP::header insert Allow: GET, HEAD, POST, TRACE, OPTIONS
}
}
TIA, most appreciated
8 Replies
Nicolas_MenantEmployee
when HTTP_REQUEST { if {[HTTP::method] equals "OPTIONS" } { log local0. "OPTIONS method detected" if {[HTTP::uri] equals "/storeWeb/authentication/AuthenticationServlet"} { log local0. "uri equals /storeWeb/authentication/AuthenticationServlet!" if {[HTTP::version] eq "1.1" } { log local0. "intercept response !" HTTP::respond 200 HTTP::header insert Allow: GET, HEAD, POST, TRACE, OPTIONS } } } }
I added some logging you can check into /var/log/ltm. If it works remove it since it will use more cpu with it (it's just for troubleshooting)
P.S: i couldn't test it so if you have some syntax error don't hesitate to post and i'll try to help- JoeK_10405Thanks for the response.
curl -v -X OPTIONS http://xxx/storeWeb/authentication/AuthenticationServlet * About to connect() to xxx port 80 * Trying 10.0.0.26... connected * Connected to xxx (10.0.0.26) port 80 > OPTIONS /storeWeb/authentication/AuthenticationServlet HTTP/1.1 > User-Agent: curl/7.15.3 (i686-redhat-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.7l zlib/1.1.4 > Host: xxx > Accept: */* > < HTTP/1.0 200 OK < Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive < Content-Length: 0 * Connection 0 to host xxx left intact * Closing connection 0
Log shows the OPTIONS hit, a 200 OK, but not the HTTP::header insert:Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected - CharlesCS
Cirrus
Once you issue an HTTP::respond, it's too late to insert any headers. Fortunately, the HTTP::respond command allows you to directly include headers. Try:HTTP::respond 200 "Allow" "GET, HEAD, POST, TRACE, OPTIONS"
instead of the separate commands. - Nicolas_MenantHi,
in your logging data i don't see the command log local0. "uri equals /storeWeb/authentication/AuthenticationServlet!" being triggered...netiher log local0. "intercept response !"
it means you don't enter in the HTTP::respond Oo but seing your curl response it doesn't make sense ...
did you not insert those specific log command ?
CharlesCS is right, i made a mistake on this, you should try his syntax - JoeK_10405Updated iRule per CharlesCS suggestion:
when HTTP_REQUEST { if {[HTTP::method] equals "OPTIONS" } { log local0. "OPTIONS method detected" if {[HTTP::uri] equals "/xxx/authentication/AuthenticationServlet"} { log local0. "uri equals /xxx/authentication/AuthenticationServlet!" if {[HTTP::version] eq "1.1" } { log local0. "intercept response !" HTTP::respond 200 "Allow" "GET, HEAD, POST, TRACE, OPTIONS" } } } }
And following CURL output:curl -v -X OPTIONS http://xxx/xxx/authentication/AuthenticationServlet * About to connect() to xxx port 80 * Trying 10.0.0.26... connected * Connected to xxx (10.0.0.26) port 80 > OPTIONS /xxx/authentication/AuthenticationServlet HTTP/1.1 > User-Agent: curl/7.15.3 (i686-redhat-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.7l zlib/1.1.4 > Host: xxx > Accept: */* > < HTTP/1.0 200 OK < Allow: GET, HEAD, POST, TRACE, OPTIONS < Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive < Content-Length: 0 * Connection 0 to host xxx left intact * Closing connection 0 
wolfpack_98881You need to combine the HTTP::respond and header insert lines into the single line as noted above.- JoeK_10405Noted. Thanks!
So far so good!!!Jan 16 15:28:26 tmm1 tmm1[1842]: Rule test : OPTIONS method detected Jan 16 15:28:26 tmm1 tmm1[1842]: Rule portal_worddoc_storeweb_test_v2 : OPTIONS method detected Jan 16 15:28:26 tmm tmm[1995]: Rule test : OPTIONS method detected Jan 16 15:28:26 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v2 : OPTIONS method detected Jan 16 15:30:30 tmm tmm[1995]: Rule test : OPTIONS method detected Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! Jan 16 15:31:20 tmm tmm[1995]: Rule test : OPTIONS method detected Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : uri equals /xxx/authentication/AuthenticationServlet! Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : intercept response ! Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! - JoeK_10405Gents all is well.
Thanks for being kind to n00b.
