For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Simon_Knox_1115's avatar
Simon_Knox_1115
Icon for Nimbostratus rankNimbostratus
Apr 12, 2005

Redirect on UNC path

Hello,     I use a iRules to do alot of redirecting based on HTTP header properties like this:     if { [HTTP::uri] contains " text " }   {   [HTTP::redirect ...
application delivery
dev
devops
iRules
JRahm's avatar
JRahm
Icon for Admin rankAdmin
May 06, 2014

Hey guys, not directly the solution, but this should help get there. This was an iRules contest submission several years ago.

This iRule takes an SMB pipe and renames the pipe name at the TCP level. In this case it takes PATH_CACHE_REMOTE_NORM and replaces it with PATH_CACHE_REMOTE_EMER. It works by bitwise replacing data in SMB TCP traffic. You have to enter the data in HEX and DEC format, but other than that the iRule is pretty straight forward.

when CLIENT_ACCEPTED {
  TCP::collect
}
when CLIENT_DATA {
  Stores the beginning and end points of the match in a list.
  if {[regexp -indices "\x50\x00\x41\x00\x54\x00\x48\x00\x5f\x00\x43\x00\x41\x00\x43\x00\x48\x00\x45\x00\x5f\x00\x52\x00\x45\x00\x4d\x00\x4f\x00\x54\x00\x45\x00\x5f\x00\x4e\x00\x4f\x00\x52\x00\x4d\x00" [TCP::payload] firstmatch]} {
    Subtracteds end point from start point and adds one
    Which gives the length of the replacement
    set matchlen [expr {[lindex $firstmatch 1] - [lindex $firstmatch 0] + 1}]
    Replace the original value with the replacement value, which is specified in binary.
    The replacement and original values should be the same length.
    TCP::payload replace [lindex $firstmatch 0] $matchlen [binary format c* {80 0 65 0 84 0 72 0 95 0 67 0 65 0 67 0 72 0 69 0 95 0 82 0 69 0 77 0 79 0 84 0 69 0 95 0 69 0 77 0 69 0 82 0}]
  }
  TCP::release
  TCP::collect
}