For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sanjai_126162's avatar
sanjai_126162
Icon for Nimbostratus rankNimbostratus
Aug 22, 2016

irule to strip the uri after apm completion it has to include the lengthy uri

iRule that will capture the HTTP URI if it is larger than 1098 bytes, then strip the HTTP URI from the HTTP request that is sent to the APM. Once the Access Policy evaluation is completed and the BI...
application delivery
iRules
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 24, 2016

Hi,

you can try this irule (not tested):

when HTTP_REQUEST {
    if {![HTTP::cookie exists "MRHSession"] && [string length [HTTP::uri]] >=4096} {
        binary scan [sha1 [HTTP::uri]] H* output
        table add -subtable APMURI $output [HTTP::uri] 600
        HTTP::uri "/encodeduri/$output"
    }
}


when ACCESS_POLICY_COMPLETED {
    if { ([ACCESS::policy result] equals "allow")} {
        set landinguri [ACCESS::session data get "session.server.landinguri"]
        if  {$landinguri starts_with "/encodeduri/"} {
            set encodeduri [string map { "/encodeduri/" ""} $landinguri]
            ACCESS::respond 302 Location [table lookup -notouch -subtable APMURI $encodeduri] Connection close
        }
    } 
}