svs
Feb 15, 2017Cirrus
iRule Optimization
Hi Folks, a customer is using an iRule, which logs full POST requests, including the passwords of a login in cleartext. He asked me to masquerade the password. Unfortunately I didn't found an eas...
Hi,
I have some comments about your irule:
POST data are not included in HTTP_REQUEST but in HTTP_REQUEST_DATA. when you will have to log these informations, there will be:
if you want to parse only POST data, you can use this irule::
when HTTP_REQUEST {
Collect Post Data to be parsed in HTTP_REQUEST_DATA
if { [HTTP::method] eq "POST" }{
set clength 0
if {[HTTP::header exists "Content-Length"] && [HTTP::header Content-Length] <= 1048576}{
set clength [HTTP::header Content-Length]
} else { set clength 1048576 }
if { [info exists clength] && $clength > 0} { HTTP::collect $clength }
}
}
when HTTP_REQUEST_DATA {
set payload [HTTP::payload]
Convert POST Data to URI with query string to extract password parameter
set password [URI::query "/?$payload" password]
Replace Post
set new_data [string map "password=$password password=[string repeat "*" [string length $password]]" $payload]
}