Forum Discussion
Mango_LearnToUserF5
Nimbostratus
NimbostratusIrule Check payload contains
Hi Everyone, i have a request payload like this: POST /webconsole/api/security/auth/login HTTP/1.1 Host: Connection: keep-alive Content-Length: 58 sec-ch-ua: "Chromium";v="122", "Not(A:Bra...
OCD_JAXNimbostratus
NimbostratusHello,
You must first collect the payload when if matches the path then during the request_data event you can inspect the payload and do action
From HTTP::collect example https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/ltm/ltm_rule_command_HTTP_collect.html
Might i also suggest instead of dropping the login attempt why not do a "fake" HTTP::respond (and log attempt) instead that looks similar to your app, so the actor is unaware that their attempt isnt actually going to the server, just a tought :)
when HTTP_REQUEST {
if {[HTTP::method] eq "POST"}{
# Trigger collection for up to 1MB of data
if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
# Check if $content_length is not set to 0
if { $content_length > 0} {
HTTP::collect $content_length
}
}
}
when HTTP_REQUEST_DATA {
# do stuff with the payload
set payload [HTTP::payload]
}