rmd1023
Oct 09, 2013

iRule to log a specific field in POST data

I'd like to have an iRule log the authentication attempts for a web application I have that takes POST data. How do I pull a specific POST parameter out of the HTTP content?

Suppose I have a login page, "http://example.com/loginform.html", that will have POST data for "username" and "password". So, right now, I can detect the presence of the 'username' parameter in my submitted form by looking for HTTP::method as "POST" to HTTP::uri "login-form.html" and checking that [HTTP::payload] contains "username". But I'd like to be able to generate a syslog saying "User $username attempted login from [IP::client_addr]:[TCP::client_port]".

How do I best extract that "username" value from the payload data for logging without altering the actual transaction at all?

Thanks!

  • Please try this:

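    when HTTP_REQUEST {
        # Only buffer the body of POSTs to the login form
        if { ( [string tolower [HTTP::uri]] equals "/loginform.html" ) and ( [HTTP::method] equals "POST" ) } {
            # Collect only when a non-zero Content-Length is present;
            # without this guard a POST lacking the header passes an empty length to HTTP::collect
            if { [HTTP::header exists "Content-Length"] and [HTTP::header "Content-Length"] > 0 } {
                HTTP::collect [HTTP::header "Content-Length"]
            }
        }
    }
    when HTTP_REQUEST_DATA {
        set username "unknown"
        # The payload is lowercased before parsing, so the logged value is
        # lowercase and still URL-encoded; the request itself is not modified
        foreach x [split [string tolower [HTTP::payload]] "&"] {
            if { $x starts_with "username=" } {
                set username [lindex [split $x "="] 1]
            }
        }
        # Log to the local0 facility
        log local0. "User $username attempted login from [IP::client_addr]:[TCP::client_port]"
    }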
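
A hardened variant of the iRule in the reply above, added here as an example and not part of the original thread: it caps how much of the body is buffered, keeps the original case of the value, URL-decodes it, and replaces control characters so a crafted username cannot split or forge syslog lines. The 8192-byte cap, the 64-character limit and the `max_collect` variable name are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # HTTP::path ignores any query string appended to the login URL
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] eq "/loginform.html" } {
        # Assumed cap: never buffer more than 8 KB for logging purposes
        set max_collect 8192
        set clen [HTTP::header "Content-Length"]
        # Skip collection when the header is missing, non-numeric or zero
        if { [string is integer -strict $clen] && $clen > 0 } {
            if { $clen > $max_collect } { set clen $max_collect }
            HTTP::collect $clen
        }
    }
}
when HTTP_REQUEST_DATA {
    set username "unknown"
    # The payload is only read, never rewritten, so the request reaches
    # the pool member unchanged
    foreach pair [split [HTTP::payload] "&"] {
        # Split on the first "=" only, so a raw "=" in the value is kept
        set idx [string first "=" $pair]
        if { $idx < 0 } { continue }
        set name [string tolower [URI::decode [string range $pair 0 [expr {$idx - 1}]]]]
        if { $name eq "username" } {
            set raw [string range $pair [expr {$idx + 1}] end]
            # "+" encodes a space in form data; percent-escapes are decoded after that
            set value [URI::decode [string map {+ " "} $raw]]
            # Replace CR, LF and other control characters with "?" so the
            # decoded value cannot inject extra log lines
            regsub -all {[[:cntrl:]]} $value "?" value
            # Assumed limit: keep at most 64 characters of the value in the log
            set username [string range $value 0 63]
            # First occurrence of the parameter wins
            break
        }
    }
    # Quote the value so embedded spaces are unambiguous in the log line
    log local0.info "User \"$username\" attempted login from [IP::client_addr]:[TCP::client_port]"
}
```

If the body is larger than the cap, only the first 8192 bytes are inspected, so a `username` parameter placed after that point is logged as "unknown".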