Modifying HTTP REQUEST DATA

Question

Hello guys. 
&nbsp;  
&nbsp;  
&nbsp; Every iRule I've made that need to access HTTP_RESPONSE_DATA I used the following code: 
&nbsp;  
&nbsp;  
 when HTTP_REQUEST { 
     No Chunk 
    if { [HTTP::version] eq "1.1" } { 
       if { [HTTP::header is_keepalive] } { 
          HTTP::header replace "Connection" "Keep-Alive" 
       } 
       HTTP::version "1.0" 
    } 
 } 
  
 when HTTP_RESPONSE { 
    if { [HTTP::header exists "Content-Length"] } { 
       set content_length [HTTP::header "Content-Length"] 
    } else { 
       set content_length 1000000000 
    } 
    if { $content_length &gt; 0 } { 
       HTTP::collect $content_length 
    } 
 } 
  
 when HTTP_RESPONSE_DATA { 
    log local0. "[HTTP::payload]" 
    HTTP::release 
 } 
  
&nbsp;  
&nbsp; But now I have to access the HTTP_REQUEST_DATA instead. The irule I've made looks like this one: 
&nbsp;  
&nbsp;  
 when HTTP_REQUEST { 
     No Chunk 
    if { [HTTP::version] eq "1.1" } { 
       if { [HTTP::header is_keepalive] } { 
          HTTP::header replace "Connection" "Keep-Alive" 
       } 
       HTTP::version "1.0" 
    } 
  
     Colect Content_length 
    set clen [HTTP::header Content-Length] 
    if { not [info exists clen] or "" eq $clen } { 
       set clen 1000000000 
    } 
    HTTP::collect $clen  
 } 
  
 when HTTP_REQUEST_DATA { 
    log local0. "[HTTP::payload]" 
    HTTP::release 
 } 
  
&nbsp;  
&nbsp; It is working for the majority of the customers but some customers are complaining about not being able to reach WebServices (SOAP/XML). Their logs show connection reset. 
&nbsp;  
&nbsp; The question is: Do I have to make a HTTP::version check at the HTTP_REQUEST even though I'm just interested in the HTTP_REQUEST_DATA? What might be the problem here? 
&nbsp;  
&nbsp;  
&nbsp; Thanks for helping me. 
&nbsp;

hoolio · Answer

When the TCP reset is sent to the client, do you see a TCL error logged to /var/log/ltm?  If not, can you add logging to the iRule to see which event the reset is being sent during? 
&nbsp;  
&nbsp; And what are you doing with the content?  If you're modifying the content, you could use a stream profile and STREAM::expression based iRule (Click here) to do it more efficiently.  If you're making a load balancing decision, then you'll need to collect the payload. 
&nbsp;  
&nbsp; Aaron

eduardo_saito_1 · Answer

Thanks for the reply hoolio.

The only irule error I see is this one, but I have only this single entry in ltm log and he customer made several attempts.  
  irule_log  - Illegal argument (line 25)     invoked from within "HTTP::collect $clen"  
    
  The title is wrong I'm not modifying the HTTP Payload actually I'm using HTTP::payload for logging and statistics. Sorry about this.  
    
  Do you think HTTP::version part is correct even though I'm interested only in the HTTP_REQUEST_DATA?  
    
  Regarding logging TCP resets from this client I've made this iRule but I need to put it on a test environment.

when CLIENT_ACCEPTED {  
     if { [IP::addr [IP::client_addr] equals 200.200.200.200] } {  
        log local0. "Just the client I want to debug: 200.200.200.200."  
        set debug 1  
     }  
  }  
    
  when HTTP_REQUEST {   
      No Chunk   
     if { [HTTP::version] eq "1.1" } {   
        if { [HTTP::header is_keepalive] } {   
           HTTP::header replace "Connection" "Keep-Alive"   
        }   
        HTTP::version "1.0"   
     }   
    
      Colect Content_length   
     set clen [HTTP::header Content-Length]   
     if { not [info exists clen] or "" eq $clen } {   
        set clen 1000000000   
     }   
     HTTP::collect $clen   
  }   
    
  when HTTP_REQUEST_DATA {   
     if { $debug == 1 }{  
        log local0. "Here comes the HTTP REQUEST PAYLOAD for 200.200.200.200..."  
        log local0. "[HTTP::payload]"   
     }  
     HTTP::release   
  }   
    
  when HTTP_RESPONSE {  
     if { [HTTP::header exists "Content-Length"] } {  
        set content_length [HTTP::header "Content-Length"]  
     } else {  
        set content_length 1000000000  
     }  
     HTTP::collect $content_length  
  }  
    
  when HTTP_RESPONSE_DATA {  
     if { $debug == 1 }{  
        log local0/ "Here comes the HTTP RESPONSE PAYLOAD for 200.200.200.200..."  
        log local0. "[HTTP::payload]"   
     }  
     HTTP::release   
  }  
    
  when CLIENT_CLOSED {  
     if { $debug == 1 }{  
        log local0. "Client 200.200.200.200 getting disconnected..."  
     }  
  }

Thanks again!

hoolio · Answer

It would add significant overhead to collect the request/response for every client if you only want to log the payloads for one client.  You should check if debug is set to 1 before modifying the version or collecting.   
&nbsp;  
&nbsp; You should also add a check to see if the request is a POST (or other methods which may have a payload). 
&nbsp;  
&nbsp; Can you add logging to the iRule and compare the log output from a failure and a success?  Specifically, what is the value of $clen before you get the TCL error?  Is it 0?  You should add another check to see that $clen is greater than 0 before trying to collect the payload. 
&nbsp;  
&nbsp; Aaron 
&nbsp;  &nbsp;

Forum Discussion

Modifying HTTP REQUEST DATA

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Related Content

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Handling HTTP Requests on an HTTPS Virtual Server

HTTP Request Throttle

iRule to take cookie from HTTP Response into HTTP Request via table

iRule to modify a content-security-policy header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS