For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gerald_wegener_'s avatar
gerald_wegener_
Icon for Nimbostratus rankNimbostratus
Jul 11, 2005

Regsub always returns a 1 never 0

I've tried running the script that is posted which uses regsub to search for Social Security Numbers in the form xxx-xx-xxxx. I've tried several different permuations of this but can never get anythin...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Jul 13, 2005
Here is an improved example of the SSN scrubber which uses regexp -indices to only replace the specific portions of the payload. This has significantly better performance (I also changed the check for matching uris to use a class instead of a single if check):


class scrub_uris {
   "/cgi-bin",
   "/account"
}
rule ssn_scrubber {
   when HTTP_REQUEST {
      if { [matchclass [HTTP::uri] starts_with $::scrub_uris] } {
         set scrub_content 1
          Don't allow data to be chunked
         if { [HTTP::version] eq "1.1" } {
            HTTP::version "1.0"
         }
      } else {
         set scrub_content 0
      }
   }
   when HTTP_RESPONSE {
      if { $scrub_content } {
         if { [HTTP::header exists "Content-Length"] } {
            set content_length [HTTP::header "Content-Length"]
         } else {
            set content_length 4294967295
         }
         if { $content_length > 0 } {
            HTTP::collect $content_length
         }
      }
   }
   when HTTP_RESPONSE_DATA {
       Find the SSN numbers
      set ssn_indices [regexp -all -inline -indices {\d{3}-\d{2}-\d{4}} [HTTP::payload]]
       Scrub the SSN's from the response
      foreach ssn_idx $ssn_indices {
         set ssn_start [lindex $ssn_idx 0]
         set ssn_len [expr {[lindex $ssn_idx 1] - $ssn_start + 1}]
         HTTP::payload replace $ssn_start $ssn_len "xxx-xx-xxxx"
      }
   }
}