For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Habib_Ulla_Khan's avatar
Habib_Ulla_Khan
Icon for Nimbostratus rankNimbostratus
Nov 22, 2016

Payload change if request is from specific IP/IP range

Hi All,

 

I am using irule to change the payload and i am able to see content is getting changed. Below is the irule. I want to change payload only when request is coming from a specific IP address. Kindly tell me how can i achieve it.

 

Irule currently in use.

 

when HTTP_REQUEST { HTTP::header remove "Accept-Encoding" switch [string tolower [HTTP::host]] { "123.domain.com" { pool 123-pool-tcp443 } "456.domain.com" { pool 456-pool-tcp443 } }} when HTTP_RESPONSE { if { [HTTP::header Content-Type] contains "text/xml" } { if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 1000000 } if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_RESPONSE_DATA { HTTP::payload replace 0 $content_length [string map {"InstallApplication" " "} [HTTP::payload]] HTTP::release }

 

application delivery
iRules
LTM

1 Reply

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Nov 22, 2016

    Hi Habib Ulla Khan,

    you may take a look to the iRule below. It uses a slightly optimized HTTP::collect syntax with some added notes and also the requested filtering of specific client IP addresses by setting a 

    $replace_content
    variable during 
    CLIENT_ACCEPTED
    event. 

    when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals "10.10.10.0/24"] } then {
        set replace_content 1
    } else {
        set replace_content 0
    }
}
when HTTP_REQUEST { 
    if { $replace_content } then {

         Note: Its recommended use a HTTP-Compression profile instead of 
               the HTTP::header remove "Accept-Encoding" command below. 
               Using a HTTP-Compression profile allows you to remove 
               the Accept-Encoding header on the server side (required  
               for content replacements) without losing the ability to 
               compress the content on the client side.

        HTTP::header remove "Accept-Encoding" 

        switch -exact -- [string tolower [HTTP::host]] { 
            "123.domain.com" { 
                pool 123-pool-tcp443 
            } 
            "456.domain.com" { 
                pool 456-pool-tcp443 
            } 
        }   
    }
} 
when HTTP_RESPONSE {
    if { ( $replace_content )
     and ( [HTTP::header Content-Type] contains "text/xml" )
     and ( [HTTP::header "Content-Length"] > 0 ) } then {

         Note: Triggering a HTTP::collect "lenght" larger then the total 
               payload length will stall your connection. So just check an 
               upper limit of e.g. 1Mbyte and enforce that limit if the 
               Content-Length exceeds the limit.

        if { [HTTP::header "Content-Length"] <= 1048576} then {
            HTTP::collect [HTTP::header "Content-Length"]
        } else {
            HTTP::collect 1048576
        }
    }
} 
when HTTP_RESPONSE_DATA {
    if { $replace_content } then {
        HTTP::payload replace 0 [HTTP::payload length] [string map {"InstallApplication" " "} [HTTP::payload]] 
        HTTP::release 
    }
}

    Cheers, Kai