For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sanjai_126162's avatar
sanjai_126162
Icon for Nimbostratus rankNimbostratus
Aug 22, 2016

irule to strip the uri after apm completion it has to include the lengthy uri

iRule that will capture the HTTP URI if it is larger than 1098 bytes, then strip the HTTP URI from the HTTP request that is sent to the APM. Once the Access Policy evaluation is completed and the BI...
application delivery
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 28, 2016

Hi Sanjai,

to bypass the URI length limitations of APM, you have to use a Virtual-to-Virtual setup and then copy/restore the long URI into/from a custom HTTP header. Unfortunately this needs to be done on every single web request and not just during APM policy processing.

EXTERNAL_VIRTUAL 

when HTTP_REQUEST {
    if { [string length [HTTP::uri]] >  4095 } then {
        HTTP::header insert "LONG_HTTP_URI" [HTTP::uri]
        HTTP::uri "/long_http_uri"
        virtual LONG_URI_VIRTUAL
    } else {
        pool site.domain.net
    }
}
when ACCESS_SESSION_STARTED {
    if { [HTTP::header value "LONG_HTTP_URI"] ne "" } then {
        ACCESS::session data set "session.server.landinguri" [HTTP::header value "LONG_HTTP_URI"]   
    }
}

Note: You can store long URI into the landinguri session variable. Its just the APM HUD filter that need to become tricked out...

LONG_URI_VIRTUAL

when HTTP_REQUEST {
    if { [HTTP::header value "LONG_HTTP_URI"] ne "" } then {
        HTTP::uri [HTTP::header value "HTTP_URI"]
        HTTP::header remove "HTTP_URI"
    }
    pool site.domain.net
}

Cheers, Kai