Forum Discussion
gerald_wegener_
Nimbostratus
Oct 03, 2006
Question about the posted SocialSecurity Scrubber
For the iRule you have posted for finding/scrubbing social security numbers, is it necessary to calculate $ssn_len, since it seems that based on the regexp the length would always be 11?
In the excerpt below, would it be OK to eliminate the line:
-> set ssn_len [expr {[lindex $ssn_idx 1] - $ssn_start + 1}]
and replace $ssn_len with 11 in the payload replace line:
-> HTTP::payload replace $ssn_start 11 "xxx-xx-xxxx"
Are there cases where the $ssn_len would not be 11?
Thank You.
Excerpt from SSN scrubber:
when HTTP_RESPONSE_DATA {
    # Find the SSN numbers
    set ssn_indices [regexp -all -inline -indices {\d{3}-\d{2}-\d{4}} [HTTP::payload]]
    # Scrub the SSNs from the response
    foreach ssn_idx $ssn_indices {
        set ssn_start [lindex $ssn_idx 0]
        set ssn_len [expr {[lindex $ssn_idx 1] - $ssn_start + 1}]
        HTTP::payload replace $ssn_start $ssn_len "xxx-xx-xxxx"
    }
}
2 Replies
- That code was lifted from the Credit Card Scrubber rule which has variable lengths. I don't see any problem in hard coding the length to 11 as that is the length of the regular expression string that is being matched.
-Joe
- gerald_wegener_
Nimbostratus
Hi,
Regarding the posted Credit Card Scrubber iRule, is there a work-around where connections do not need to be forced to HTTP1.0 due to chunking issues? Also, in general we do not want to force connections to HTTP1.0.
When the CC iRule is running with compression enabled we are running into problems (in our lab testing) - basically our tests fail. If I comment out the HTTP1.0 related lines in the iRule everything works OK, as follows:
when HTTP_REQUEST {
    # Don't allow data to be chunked
    if { [HTTP::version] eq "1.1" } {
        if { [HTTP::header is_keepalive] } {
            HTTP::header replace "Connection" "Keep-Alive"
        }
        HTTP::version "1.0"
    }
}
when HTTP_RESPONSE {
    # Only check responses that are a text content type
    # (text/html, text/xml, text/plain, etc).
    if { [HTTP::header "Content-Type"] equals "text/html" } {
        # Get the content length so we can request the data to be
        # processed in the HTTP_RESPONSE_DATA event.
        if { [HTTP::header exists "Content-Length"] } {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 4294967295
        }
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }
}
when HTTP_RESPONSE_DATA {
    # Find ALL the possible credit card numbers in one pass
    # Amex prefix written as 3[47]: inside a character class a | is a literal, not alternation
    set card_indices [regexp -all -inline -indices {(?:3[47]\d{13})|(?:4\d{15})|(?:5[1-5]\d{14})|(?:6011\d{12})} [HTTP::payload]]
    foreach card_idx $card_indices {
        set card_start [lindex $card_idx 0]
        set card_end [lindex $card_idx 1]
        set card_len [expr {$card_end - $card_start + 1}]
        set card_number [string range [HTTP::payload] $card_start $card_end]
        set double [expr {$card_len & 1}]
        set chksum 0
        set isCard invalid
        # Calculate MOD10
        for { set i 0 } { $i < $card_len } { incr i } {
            set c [string index $card_number $i]
            if {($i & 1) == $double} {
                if {[incr c $c] >= 10} {incr c -9}
            }
            incr chksum $c
        }
        # Determine Card Type
        switch [string index $card_number 0] {
            3 { set type AmericanExpress }
            4 { set type Visa }
            5 { set type MasterCard }
            6 { set type Discover }
            default { set type Unknown }
        }
        # If valid card number, then mask out numbers with X's
        if { ($chksum % 10) == 0 } {
            set isCard valid
            HTTP::payload replace $card_start $card_len [string repeat "X" $card_len]
        }
        # Log Results (this line writes the full, unmasked card number to the local0 log)
        log local0. "Found $isCard $type CC $card_number"
    }
    log local0. "ccn irule is running"
}
===================================
The problem may be related to this and/or other bugs but in general we would like to eliminate the need to force to HTTP1.0-
SOL7207: Known Issue: When using compression in an HTTP profile, the BIG-IP LTM system may not properly close some HTTP/1.0 connections https://tech.f5.com/home/solutions/sol7207.html
Thank You.
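The index-and-replace technique that both scrubbers in this thread rely on, as an added example that is not part of any post or of the published iRules: plain Tcl for tclsh, with a string standing in for HTTP::payload. The proc names and the sample payload (a made-up SSN and public test card numbers) are constructed for illustration.

```tcl
# Luhn (MOD10) check over a string of digits; returns 1 when the checksum is valid.
proc luhn_ok {digits} {
    set len [string length $digits]
    # Parity of the length decides which positions, counted from the left, get doubled
    set double [expr {$len & 1}]
    set sum 0
    for {set i 0} {$i < $len} {incr i} {
        set c [string index $digits $i]
        if {($i & 1) == $double} {
            set c [expr {$c * 2}]
            if {$c >= 10} {incr c -9}
        }
        incr sum $c
    }
    return [expr {($sum % 10) == 0}]
}

# Mask SSNs and Luhn-valid card numbers in a string (stand-in for HTTP::payload).
proc scrub {payload} {
    set ssn_re  {\d{3}-\d{2}-\d{4}}
    set card_re {(?:3[47]\d{13})|(?:4\d{15})|(?:5[1-5]\d{14})|(?:6011\d{12})}
    # The SSN pattern is fixed width, so every match spans exactly 11 characters
    foreach idx [regexp -all -inline -indices $ssn_re $payload] {
        set start [lindex $idx 0]
        set payload [string replace $payload $start [expr {$start + 10}] "xxx-xx-xxxx"]
    }
    # Card matches are 15 or 16 digits, so the length is measured per match
    foreach idx [regexp -all -inline -indices $card_re $payload] {
        set start [lindex $idx 0]
        set end   [lindex $idx 1]
        set number [string range $payload $start $end]
        if {[luhn_ok $number]} {
            # The mask has the same length as the match, so the indices
            # collected before the loop stay valid for the later matches
            set len [expr {$end - $start + 1}]
            set payload [string replace $payload $start $end [string repeat X $len]]
        }
    }
    return $payload
}

# Constructed sample: made-up SSN, two public test card numbers, one Luhn-invalid number
set sample "ssn=123-45-6789 visa=4111111111111111 amex=378282246310005 bad=4111111111111112"
puts [scrub $sample]
```

A mask whose length differed from the match would shift every later index, which is why both iRules replace with a string of the same length as the text they remove.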