Forum Discussion
ouch_32572
Nimbostratus
Nimbostratusirule to rewrite steam in request
Hi All,
I have an issue that i have manged to resolve on another Lb (zxtm)
I need help translating my rule into an irule for f5.
how do i rewite the stream on an incomming request (before it gets sent to the pool)
here is my zxtm rule.
Read the entire request body
$body = http.getBody();
$body = string.regexsub( $body, "https://10.104.30.55", "http://10.104.30.55", "gi" );
It is pretty basic,
in english..
i want to get the body of the request and replace https: with http:
here is what i think the rule should look like, is it correct?
when HTTP_REQUEST {
Disable the stream filter by default
STREAM::disable
STREAM::expression "@https://10.104.30.55@http://10.104.30.55@"
Enable the stream filter for this request only
STREAM::enable
}
32 Replies
- JRahm
Admin
your math is fine, but to set the variables it should be:
set x [HTTP::header "Content-Length"]
set y 1 
hoolioCirrostratus
The problem with this is that you'll end up updating the content length header value for every post request--not just the ones that are rewritten. So requests that aren't rewritten will have an invalid content-length and will probably hang with the server waiting for the last byte that never arrives.
I think a better approach is to fix the HTTP::collect attempt. I'm working on a similar issue for rewriting a multipart/form request for a customer this week. If/when I figure out a fix, I'll add an update here.
Aaron- JRahmGood catch, Aaron, honestly, I am suffering from myopia...I only saw the math question in the email and posted back, didn't see the first post nor catch the intent. Doh!
- hooliogharper,
Can you post an anonymised copy of the request(s) which are being corrupted? Are the requests which are being corrupted ones that you want to rewrite? Or are they getting inadvertently modified when trying to rewrite other requests? As I said, I have a customer with a similar issue. I'm hoping to get time to work on their issue tomorrow/early next week. If I figure out a solution for that, I'll post it as a possible solution for your scenario.
Thanks,
Aaron - ouch_32572Hi All,
Yes its only when the payload is rewritten that has the issue... and with that its only binary files that are included in the post that get corrupted. (i uploaded a text file without an issue.)
It all works fine if i post without a file (even with content being rewritten)
I will clean up some headers to send today. - ouch_32572Hi,
Any progress with this? it seems that the regexp does seem to corrupt the binary files that are uploaded? is this likely to be a bug?
HTTP::payload replace 0 [HTTP::payload length] [regsub -all "https://10.104.30.55" [HTTP::payload] "http://10.104.30.55"] - hoolioI was able to fix the customer issue I was working on using regsub to replace nulls "\x00" with spaces "\x20". The other parts of the request were not corrupted.
Can you post an anonymised copy of a request which fails? Are the requests which are being corrupted the ones that you want to rewrite?
Thanks,
Aaron - ouch_32572
Ps
Content-Disposition: form-data; name="webLoc"
https://10.104.30.55/@@347F0B0D0F5059C4DF7761C3268F1949/courses/1/bbsupport/content/_235870_1/embedded/
is where the http https needs to switch - ouch_32572Hi All,
Any more advice on this? Is it a possible bug that is corrupting the stream? - hoolioI don't think the regsub command is corrupting the data due to a bug--I assume it's converting the content to a different encoding which is breaking the application. For the customer I was working with, using hex encoding of the find/replace strings worked well. Can you give this a try?
when RULE_INIT { Log debug messages to /var/log/ltm? (0=none, 1=minimal, 2=verbose) Verbose logging can use a lot of CPU/disk space, so use sparingly in production. set ::rewrite_http_debug 2 Max collection size (in bytes) As the line to rewrite is in the first few hundred bytes, this can be set to lower than the normal 1Mib. set ::max_collect_size 100000 Find value (hex encoded with \x00 format) https:// -> \x68\x74\x74\x70\x3a\x2f\x2f set ::replace "\x68\x74\x74\x70\x3a\x2f\x2f" Replace value (hex encoded with \x00 format) http:// -> \x68\x74\x74\x70\x3a\x2f\x2f set ::find "\x68\x74\x74\x70\x3a\x2f\x2f" } when HTTP_REQUEST { if {$::rewrite_http_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: New [HTTP::method] request to [HTTP::host][HTTP::uri]"} Check for POST request with Content-Type of multipart/* if {[HTTP::method] eq "POST" and [HTTP::header Content-Type] starts_with "multipart"}{ Trigger collection of data if {([HTTP::header exists "Content-Length"]) && ([HTTP::header "Content-Length"] <= $::max_collect_size)}{ set content_length [HTTP::header "Content-Length"] } else { set content_length $::max_collect_size } if { [info exists content_length] } { HTTP::collect $content_length if {$::rewrite_http_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Collecting $content_length bytes"} } } } when HTTP_REQUEST_DATA { Check if POST data contains the parameter name, "webLoc" if {[string first "webLoc" [HTTP::payload]] ne -1}{ if {$::rewrite_http_debug > 1}{ log local0. "[IP::client_addr]:[TCP::client_port]: Found parameter name in payload" } Replace https:// with http:// (with search/replace strings hex-encoded to avoid encoding conversion) HTTP::payload replace 0 [HTTP::payload length] [regsub -all $::find [HTTP::payload] $::replace] } }
Aaron
