Payload Manipulation https / http

Question

Hello, 
&nbsp;  
&nbsp; i've got a ssl cert installed on a virtual server, traffic goes to the pool members unencrypted. 
&nbsp;  
&nbsp; im trying to modify the payload of the answer, doing a simple replacement. 
&nbsp;  
&nbsp; when HTTP_RESPONSE_DATA { 
&nbsp; regsub "somestring" [HTTP::payload] "foobar" newdata 
&nbsp; set clen [string length newdata] 
&nbsp; log local0. "$newdata" 
&nbsp; HTTP::payload replace 0 $clen $newdata 
&nbsp; HTTP::release 
&nbsp; } 
&nbsp;  
&nbsp; when im trying to access the page, my firefox tells me the server is using some kind of unknown compression and it can therefore not display the page. 
&nbsp;  
&nbsp; in the f5 logfile i've got just some binary data. 
&nbsp;  
&nbsp; is the http_response_data maybe called after the payload got processed through ssl encryption and so gets destroyed by the replacement? 
&nbsp;  
&nbsp; Any Help would be appreciated :-) 
&nbsp;  
&nbsp; Thanks, Moritz

hoolio · Answer

Hi Moritz, 
  
 I'd suggest using a stream profile and STREAM::expression based iRule to do this instead of trying to buffer the payload with HTTP::collect / HTTP::payload. 
  
 Here is an example:

http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression 
 when HTTP_RESPONSE { 
  
     Disable the stream filter by default 
    STREAM::disable 
  
     Check if response type is text 
    if {[HTTP::header value Content-Type] contains "text"}{ 
  
        Replace somestring with foobar 
       STREAM::expression "@somestring@foobar@" 
  
        Enable the stream filter for this response only 
       STREAM::enable 
    } 
 }

Aaron

hoolio · Answer

What are the symptoms of the issue?   
&nbsp;  
&nbsp; Do you get a response back from the VIP, but it doesn't have the response rewritten?  If so, you could check the configuration of the stream expression.  It is case sensitive.  Another possibility is that response compression is enabled on the server.  You can either disable it on the server or add code to the iRule to remove the Accept request header.  This prevents the server from sending compressed responses. 
&nbsp;  
&nbsp; Do you get a page cannot be displayed message in the browser?  If so, this is probably indicative of LTM sending a TCP reset to the client.  This could be due to a TCL error.  You can check the /var/log/ltm log file for details. 
&nbsp;  
&nbsp; Else, is there another symptom? 
&nbsp;  
&nbsp; Aaron

moritz_krinke_6 · Answer

Aaron, 
&nbsp;  
&nbsp; got it - after i edited the irule to remove the accept request header like you suggested, it worked - since i had compression enabled on all the servers servern the www-content. 
&nbsp;  
&nbsp; thanks a lot!

Forum Discussion

Payload Manipulation https / http

Recent Discussions

Kerberos Auth is not working after keytab file -

History Current Connections from Local pool Traffic.

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

Related Content

HTTP Payload Collection

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

Help with tcp/http payload irule

Log binary HTTP payload in hex

Log HTTP Request and Response Payload via HSL and Locally

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS