
Forum Discussion

wi_Tek_122810
Jun 18, 2013

Problem with TCL in payload check

Hello,

First - sorry for my bad English.

Second - I must write an iRule which allows login in "normal mode" for some users (identified by 'kod_swd') and blocks it for others (or redirects them to loginservice, which has limited access).

The iRule works perfectly when it comes to the log events, but does not work when it comes to the rest of the rule (the browser cannot display the webpage / diagnose connection problem).

I have in the log (from one login attempt):

TCL error: /Common/http_ws_local_loginservice - invalid command name "}" while executing "}" (it is Status Code: 01220001)

Rule /Common/http_ws_local_loginservice : IP_usera: 10.112.10.155 ; kod_swd: 120%2F000000 ; uzytkownik: test - Logowanie dopuszczalne.

Here is the iRule:

when HTTP_REQUEST {
    # Buffer at most 1 MB of the request body so the form fields can be read.
    if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1048577 } {
        set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 1048576
    }
    HTTP::collect $content_length
}

when HTTP_REQUEST_DATA {
    # Only my own IP is checked while testing.
    if { [IP::addr [IP::client_addr] equals 10.112.10.155] } {
        set lurl [string tolower [HTTP::uri]]
        # URLs to check.
        if { ($lurl equals "/clo_ws/login.aspx?returnurl=%2fclo_ws%2fdefault.aspx") or ($lurl equals "/clo_ws/") or ($lurl equals "/clo_ws/login.aspx") } {
            # Find kod_swd and the login in the form body for the log.
            set kod_swd [findstr [HTTP::payload] "ctl00%24ContentPlaceHolder1%24txtKodSwiadcz" 44]
            set kod_s [substr $kod_swd 0 "&ctl00%24ContentPlaceHolder1%24txtId"]
            set login [findstr [HTTP::payload] "ctl00%24ContentPlaceHolder1%24txtId" 36]
            set user [substr $login 0 "&ctl00%24ContentPlaceHolder1%24txtSinakeValue"]
            # Check whether kod_swd is allowed and write to the log.
            if { ($kod_s equals "120%2F000000") or ($kod_s equals "120%2F000001") } {
                log local0. "IP_usera: [IP::client_addr] ; kod_swd: $kod_s ; uzytkownik: $user - Logowanie dopuszczalne."
                HTTP::release
            } else {
                # Either send a message or redirect, not both: only one response
                # can be sent for a request, so the redirect is kept here.
                # HTTP::respond 200 content "Brak mozliwosci zalogowania na swiadczeniodawce w trybie innym niz serwisowy."
                HTTP::redirect "https://[HTTP::host]/clo_ws/loginservice.aspx"
                log local0. "IP_usera: [IP::client_addr] , kod_swd: $kod_s , uzytkownik: $user - Logowanie zabronione."
            }
        }
    }
}

Yesterday I spent the whole day trying to solve this problem, but I could not fix it or find a solution on Google / DevCentral. Help please.

 

1 Reply

Old code was too complicated 😉

New - works perfectly (with extra logging).

I made two classes with URLs and kod_swd.

when HTTP_REQUEST {
    # Buffer at most 1 MB of the request body.
    if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1048577 } {
        set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 1048576
    }
    HTTP::collect $content_length
    set collected 0
    set lurl [string tolower [HTTP::uri]]
    set usrip [IP::client_addr]

    log local0.warn "REQ $usrip ; $lurl"
}

when HTTP_REQUEST_DATA {
    # Only clients from 10.112.0.0/16 requesting one of the URLs in the
    # ws_login_url data group are checked.
    if { ([IP::addr 10.112.0.0/16 equals [IP::client_addr]]) and ([class match $lurl equals "ws_login_url"]) } {
        set kod_swd [substr [findstr [HTTP::payload] "ctl00%24ContentPlaceHolder1%24txtKodSwiadcz" 44] 0 "&ctl00%24ContentPlaceHolder1%24txtId"]
        set user [substr [findstr [HTTP::payload] "ctl00%24ContentPlaceHolder1%24txtId" 36] 0 "&ctl00%24ContentPlaceHolder1%24txtSinakeValue"]
        log local0.warn "REQ_DATA $usrip ; $lurl ; $kod_swd ; $user"
        # Allowed kod_swd values are kept in the ws_login_swd data group.
        if { [class match $kod_swd equals "ws_login_swd"] } {
            HTTP::release
            log local0.warn "REQ_DATA - jest ok $usrip ; $lurl ; $kod_swd ; $user"
        } else {
            HTTP::redirect "https://[HTTP::host]/clo_ws/loginservice.aspx"
            log local0.warn "REQ_DATA - redirect $usrip ; $lurl ; $kod_swd ; $user"
        }
    }
}

Maybe it helps somebody.
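A hardened variant of the reply's rule, added here as an example; it is not code from this post or from F5. It assumes two string data groups, ws_login_url (login paths without query string, e.g. /clo_ws/login.aspx) and ws_login_swd (permitted kod_swd values stored decoded, e.g. 120/000000), and that URI::query returns the value still percent-encoded, so it is decoded exactly once. It buffers the body only for a POST to a login path with a bounded, well-formed Content-Length, fails closed otherwise, and reads the two form fields by name rather than by fixed character offsets, so a reordered or extra form field cannot break the check.

```tcl
# Added example (not from the post): same allow/redirect decision as the
# reply, with bounded body collection and name-based form parsing.
# Assumed data groups (type string): ws_login_url = login paths,
# ws_login_swd = permitted kod_swd values in decoded form (120/000000).
when HTTP_REQUEST {
    set lurl [string tolower [HTTP::path]]
    set usrip [IP::client_addr]
    # Only a POST to one of the login paths carries the form to inspect.
    if { [HTTP::method] eq "POST" && [class match $lurl equals "ws_login_url"] } {
        set len [HTTP::header value "Content-Length"]
        # Fail closed: missing (also chunked), malformed, empty or oversized
        # bodies are not buffered; the client goes to the restricted service.
        if { $len eq "" || ![string is integer -strict $len] || $len < 1 || $len > 1048576 } {
            log local0.warn "REQ $usrip ; $lurl ; Content-Length '$len' rejected"
            HTTP::redirect "https://[HTTP::host]/clo_ws/loginservice.aspx"
            return
        }
        HTTP::collect $len
    }
}

when HTTP_REQUEST_DATA {
    # Fires only after HTTP::collect above, so the path is already a login
    # path. URI::query parses any key=value&key=value string when it is
    # prefixed with "?"; the value is assumed to come back percent-encoded,
    # so it is decoded exactly once (120%2F000000 -> 120/000000), never twice.
    set body "?[HTTP::payload]"
    set kod_swd [URI::decode [URI::query $body "ctl00%24ContentPlaceHolder1%24txtKodSwiadcz"]]
    set user [URI::decode [URI::query $body "ctl00%24ContentPlaceHolder1%24txtId"]]
    if { $kod_swd ne "" && [class match $kod_swd equals "ws_login_swd"] } {
        log local0.warn "REQ_DATA allow $usrip ; $lurl ; $kod_swd ; $user"
        HTTP::release
    } else {
        # Unknown or empty kod_swd: redirect only, no HTTP::respond as well
        # (only one response may be sent for a request).
        log local0.warn "REQ_DATA redirect $usrip ; $lurl ; $kod_swd ; $user"
        HTTP::redirect "https://[HTTP::host]/clo_ws/loginservice.aspx"
    }
}
```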