Forum Discussion
hooleylist
Sep 28, 2010Cirrostratus
So nothing gets logged at all when you add this iRule to a virtual server with a client SSL profile enabled? Can you add some debug logging to CLIENT_ACCEPTED to check that the TCP connection from the client to the SSL VS has been established and in HTTP_REQUEST to see whether the criteria for collecting they payload is being met?
Also, you should add logic to prevent the iRule from trying to collect more than 4Mb of data as this will cause TMM to crash. You can check this solution for details:
SOL6578: TMM will crash if an iRule collects more than 4MB of data
http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6578.html
And here is an example of restricting the payload collection:
From: http://devcentral.f5.com/wiki/default.aspx/iRules/CreditCardScrubber.html
Only check responses that are a text content type (text/html, text/xml, text/plain, etc).
if { [HTTP::header "Content-Type"] starts_with "text/" } {
Get the content length so we can collect the data (to be processed in the HTTP_RESPONSE_DATA event)
Limit collection to 1Mb (1048576 minus a little to spare) - See SOL6578 for details
if { [HTTP::header exists "Content-Length"] } {
if { [HTTP::header "Content-Length"] > 1048000 }{
Content-Length over 1Mb so collect 1Mb
set content_length 1048000
} else {
Content-Length under 1Mb so collect actual length
set content_length [HTTP::header "Content-Length"]
}
} else {
Response did not have Content-Length header, so use default of 1Mb
set content_length 1048000
}
Don't collect content if Content-Length header value was 0
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
Aaron