Forum Discussion
FraserK_151071
Nimbostratus
NimbostratusiRule catching HTTP_REQUEST made to other Virtual Server
I'm experiencing a problem with apparently conflicting LTM iRules.
I have two Virtual Servers set up (let's name one
VS_TESTVS_PREPiRule_TESTiRule_PREPPOOL_TESTPOOL_PREPHTTP GETAllowDenyNormally these iRules behave correctly. A request made to
VS_TESTiRule_TESTPOOL_TESTThere is a second type of request made to the Virtual Servers, let's call these password requests as they retrieve a password that is randomly generated by the server. I need to intercept the response by the sever and extract the password, and then send it to the same application as before. I add
HTTP_RESPONSEHTTP_RESPONSE_DATAHowever, when I add
HTTP_RESPONSEHTTP_RESPONSE_DATAFor example, if I update
iRule_TESTiRule_PREP- Requests made to
are handled byVS_TESTiRule_TEST
sends the data of the request to the single node iniRule_TEST
!POOL_PREP- Requests made to
are handled byVS_PREP
and the data of the request is sent to the single node iniRule_PREP
, as expected.POOL_PREP
How is this possible when both
POOL_TESTiRule_TESTiRule_TESTwhen RULE_INIT {
set ip:port of destination node (specific to TEST)
set static::serveripport "192.168.10.80:80"
}
when HTTP_REQUEST {
if {([HTTP::query] starts_with "message=")} {
This is a request we want to intercept
log local0. "Raw request: [HTTP::query]"
Extract the actual message
regexp {(message\=)(.*)} [HTTP::query] -> garbage query
Connect to node. Use catch to handle errors. Check if return value is not null.
if {[catch {connect -timeout 1000 -idle 30 -status conn_status $static::serveripport} conn_id] == 0 && $conn_id ne ""} {
Send TCP payload to application
set data "GET /Service.svc/checkmessage?message=$query"
set send_info [send -timeout 1000 -status send_status $conn_id $data]
Receive reply from application
set recv_info [recv -timeout 1000 -status recv_status $conn_id]
Allow or deny request based on application response
if {$recv_info contains "Allow"} {
pool POOL_TEST
} elseif {$recv_info contains "Deny"} {
reject
}
Tidy up
close $conn_id
} else {
reject
}
}
}
Update below
when HTTP_RESPONSE {
Collect all 200 responses
if {[HTTP::status == 200} {
set content_length [HTTP::header "Content-Length"]
HTTP::collect $content_length
}
}
when HTTP_RESPONSE_DATA {
if {[catch {binary scan [HTTP::payload] H* payload_hex} error] ne 0} {
log local0. "Error whilst binary scanning response: $error"
} else {
if {some hex string matches} {
collect password from response and set to $password
Connect to node. Use catch to handle errors. Check if return value is not null.
if {[catch {connect -timeout 1000 -idle 30 -status conn_status $static::serveripport} conn_id] == 0 && $conn_id ne ""} {
Send TCP payload to application
set data "GET /Service.svc/submitresponse?password=$password"
set send_info [send -timeout 1000 -status send_status $conn_id $data]
Tidy up
close $conn_id
}
}
HTTP::release
}
iRule_PREPPOOL_TESTstatic::serveripportset static::serveripport "192.168.10.80:80"The above variable is global, static, and is evaluated each time the irule is updated, or whenever tmm starts (See Rule_Init ).
I hope that you haven't used the same name in both of your irules?
set static::serveripport "192.168.10.80:80"The above variable is global, static, and is evaluated each time the irule is updated, or whenever tmm starts (See Rule_Init ).
I hope that you haven't used the same name in both of your irules?
set static::serveripport "192.168.10.80:80"The above variable is global, static, and is evaluated each time the irule is updated, or whenever tmm starts (See Rule_Init ).
I hope that you haven't used the same name in both of your irules?
FraserK_151071D'oh! Yes I did. Thanks so much! :$