Question re: HTTP::retry

Y'know what? Disregard the above. If you're logging the right input values, you're not compressed coming from the pool member.

Try something like this:

when CLIENT_ACCEPTED {
   set trypost 0
   set collected 0
   set retried 0
}

when HTTP_REQUEST {
  if { (! $retried) && ([HTTP::method] equals "GET") && ([string tolower [HTTP::uri]] equals "/tgi/login.tgi") } {
set trypost 1
HTTP::header sanitize "Accept-Encoding Connection Keep-Alive"
HTTP::header insert Connection "close"
  } 
}

when HTTP_RESPONSE {
  if {($trypost) && (! $collected) && (! $retrying) }{
    if {[HTTP::header exists Content-Length] && ([HTTP::header Content-Length] < 100000)} {
       set clength [HTTP::header Content-Length]
    } else {
       set clength 100000
    }
    HTTP::collect $clength
set collected 1
  }
}

when HTTP_RESPONSE_DATA {
  if { ($trypost) && ($collected) && (! $retried) } {
set salt_value [lindex [regexp -all -inline {(ge\" VALUE=\")(.{8})} [HTTP::payload]] 2]
log local0. "salt -> $salt_value"

set response "adminpassword123$salt_value"
log local0. "salted response -> $response"

binary scan [ md5 $response ] H* hexhash
log local0. "md5(hex) of $response -> $hexhash"

HTTP::payload replace 0 [HTTP::payload length] ""
HTTP::retry "POST /tgi/login.tgi HTTP/1.1\r\n Host: 10.10.10.10\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 77\r\n\r\nUsername=admin&Password=&Challenge=&Response=$hexhash"

set trypost 0
set collected 0
set retried 1
  } 
}

Yeah, it doesn't look like some of the other stuff you've seen on HTTP::retry, but most of those are not re-hitting the same pool member, they're going to some other pool or node entirely. What I'm doing here is essentially forcing a close from the browser when a GET request to the login page occurs, then in HTTP_RESPONSE, I'm taking steps to throw away the payload that's been collected before attempting the HTTP::retry.