For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Matt_Williamson's avatar
Matt_Williamson
Icon for Nimbostratus rankNimbostratus
Mar 29, 2005

iRule to persist on tcp_content

Hi all, I'm trying to write a rule that will search the first 2500 bytes of tcp_content for the "USERNAME=" string and then persist on the next 7 characters after that. Here is my original attempt. ...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Mar 29, 2005
Ok, you have a couple of problems.

The first is that it appears you have typed the "rule {" portion into the GUI text box. When entering rules in the GUI, you must leave out the "rule {}" part of the rule. You enter the at the top and then enter the rule body (the when statements) in the text box.

When this gets saved into the config file, it then appears with the "rule {...}" part automatically added.

The second problem is how tcp_content now works in 9.0. In order for the tcp_content (which is really now called TCP::payload) to work, you must first specify how much you want to collect. In your case, it appears that you want to collect 2500 bytes. So, a rule that gathers 2500 bytes would look like this: 

 
 when CLIENT_ACCEPTED { 
    TCP::collect 2500 
 } 
 when CLIENT_DATA { 
    set usrid [findstr [TCP::payload] "USERNAME=" 9 "t"] 
    if {$usrid ne ""} { 
       persist uie $usrid 
       log local0. "Persisting $userid" 
    } 
 }

Hope this helps.