Forum Discussion
rmd1023
Nimbostratus
NimbostratusiRule to log a specific field in POST data
I'd like to have an irule log the authentication attempts for a web application I have that takes POST data. How do I pull a specific POST parameter out of the http content?
Suppose I have a login page, http://example.com/loginform.html" that will have POST data for "username" and "password". So, right now, I can detect the presence of the 'username' parameter in my submitted form by looking for HTTP::method as "POST" to HTTP::uri "login-form.html" and checking that [HTTP::payload] contains "username". But I'd like to be able to generate a syslog saying "User $username attempted login from [IP::client_addr]:[TCP::client_port]"
How do I best extract that "username" value from the payload data for logging without altering the actual transaction at all?
Thanks!
- Kevin_Stewart
Employee
Please try this:
when HTTP_REQUEST { if { ( [string tolower [HTTP::uri]] equals "/loginform.html" ) and ( [HTTP::method] equals "POST" ) } { HTTP::collect [HTTP::header Content-Length] } } when HTTP_REQUEST_DATA { set username "unknown" foreach x [split [string tolower [HTTP::payload]] "&"] { if { $x starts_with "username=" } { set username [lindex [split $x "="] 1] } } log local0. "User $username attempted login from [IP::client_addr]:[TCP::client_port]" } 
nitassif i want to store temporarily two parameters, how i can store them ?
you can just store them in local variables. they will be available until connection is closed.
The101: iRules 101 - Variables by Colin Walker
https://devcentral.f5.com/articles/-the101-irules-101-variables
