For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Feb 15, 2017

iRule Optimization

Hi Folks,   a customer is using an iRule, which logs full POST requests, including the passwords of a login in cleartext. He asked me to masquerade the password. Unfortunately I didn't found an eas...
application delivery
devops
iRules
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Mar 01, 2017

Hi,

I have some comments about your irule:

POST data are not included in HTTP_REQUEST but in HTTP_REQUEST_DATA. when you will have to log these informations, there will be:

  • [HTTP::request] in HTTP_REQUEST event
  • [HTTP::payload] in HTTP_REQUEST_DATA event

if you want to parse only POST data, you can use this irule::

when HTTP_REQUEST {
     Collect Post Data to be parsed in HTTP_REQUEST_DATA
    if { [HTTP::method] eq "POST" }{
        set clength 0
        if {[HTTP::header exists "Content-Length"] && [HTTP::header Content-Length] <= 1048576}{
          set clength [HTTP::header Content-Length]
        } else { set clength 1048576 }
        if { [info exists clength] && $clength > 0} { HTTP::collect $clength }
    }   
}
when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]
     Convert POST Data to URI with query string to extract password parameter
    set password  [URI::query "/?$payload" password]
     Replace Post 
    set new_data [string map "password=$password password=[string repeat "*" [string length $password]]"  $payload]
}