Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

DFeike_160744's avatar
DFeike_160744
Icon for Nimbostratus rankNimbostratus
Jul 09, 2015

iRule to check for strings in xml

Hi guys, i am currently struggling to build the correct syntax to do the following. I have http requests which contain a good amount of XML. Here is an extract from a pcap. ---snip POST /TestSe...
application delivery
devops
irules
LTM
microsoft
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 09, 2015

Well technically you're code might look something like this:

 

when HTTP_REQUEST {    
    if { [HTTP::header exists Content-length] }        
        HTTP::collect [HTTP::header Content-Length]
    } else {        
        drop
    }
}    
when HTTP_REQUEST_DATA {    
    if { ( [HTTP::payload] contains "MessageID" ) and ( [HTTP::payload] contains "MachineName" ) } {        
         good request
    } else {        
        drop
    }
}

The above should very specifically limit access to only requests that have a Content-Length header and contain these two values in the payload. But...

 

The example request you give is part of a 100-continue, which usually implies another request is coming with the rest of the payload. Are you certain, from captures, that every request has these two values? Will these values be in the very first requests?