Forum Discussion
arpydays
Nimbostratus
NimbostratusPassing variables between VSs for an ICAP enabled request.
Hi,
we have a LTM ICAP setup, which uses 2 VSs to handle a request, the HTTP VS and the ICAP internal VS. I'd like to capture information in the ICAP Response headers via a rule on the ICAP VS and pass this to the rule on the HTTP VS and the ASM_REQUEST_END event to create a custom violation this way we can integrate ICAP AV events with other ASM security events. As there will be two irules running on different VSs then local variables won't work and I don't want to use global variables. Is this even feasible?
4 Replies
samstepCirrocumulus
You can store data in tables instead of global variables. Tables are CMP-compatible.
Andras_Kis-SzabMy ICAP-VS iRule with some debug options (ICAP and internal HTTP)
when ICAP_RESPONSE { log local0. "ICAP [HTTP::header value ICAP_UID] ==> [ICAP::status]" if { not ( [ICAP::status] == 200 ) } { foreach aHeader [ICAP::header names] { log local0. "ICAP [HTTP::header value ICAP_UID] $aHeader: [ICAP::header value $aHeader]" } foreach aHeader [HTTP::header names] { log local0. "ICAP [HTTP::header value ICAP_UID] HTTP $aHeader: [HTTP::header value $aHeader]" } } if { [ICAP::header exists X-Violations-Found] } { HTTP::header insert ICAP_VIO [ICAP::header value X-Violations-Found] } else { HTTP::header insert ICAP_VIO "No violations" } if { [ICAP::header exists X-Infection-Found] } { HTTP::header insert ICAP_INF [ICAP::header value X-Infection-Found] } else { HTTP::header insert ICAP_INF "Not infected" } }My VS-SIDE iRule snipp:
set x [] set y [] set z [] set w [] lappend y "description" "Virus found" lappend z "code" [HTTP::header value ICAP_VIO] lappend w "details" [HTTP::header value ICAP_INF] lappend x $y $z $w log local0. "$LogString ICAP $uid AV_BLOCK $x"HTH
- Andras_Kis-Szab
- Andras_Kis-Szab
