Forum Discussion

Louis27's avatar
Louis27
Icon for Nimbostratus rankNimbostratus
Jun 09, 2022

Remove values in the payload

Hello, I am new to the F5 iRules. I need to remove all the values of '<pan>' in the 'HTTP::payload', either remove all the tags '<pan>' too. The structure is as below.  This '<pan>' can exsit o...
announcement
application delivery
devops
event
security
Louis27's avatar
Louis27
Icon for Nimbostratus rankNimbostratus
Jun 13, 2022

Hello JRahm,  Thanks for your response. 

What I want to do is the second one as you mentioned. 
I have tried 'html content' with this article https://support.f5.com/csp/article/K99872325, it doesn't work. It seems that 'html content profile' is only for modify HTML content sent in responses from the back-end servers. 

What I want is to modify the request . Do you have any suggestion about  that?

By the way, the request is in the format xml SOAP as below:

 

<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
    <Body>
            <cardsData>
                <card>
                    <expDate>[string]</expDate>
                    <pan>
                        <plainPan>[string?]</plainPan>
                    </pan>
                </card>
                <card>
                    <expDate>[string]</expDate>
                    <pan>
                        <plainPan>[string?]</plainPan>
                    </pan>
                </card>
               can exist serveral cards
    </Body>
</Envelope>

 

Thank you in advance.

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jun 13, 2022

Try this stream profile on your virtual server:

ltm profile stream pantest_stream {
    app-service none
    chunking enabled
    defaults-from stream
    target @<pan>(.*\?)<\\/pan>@@
}

My test request on the clientside of BIG-IP:

And on the server-side:

Ignore the card(n) and string(n)...I added those while troubleshooting my failed attempts! 🙂

  • Louis27's avatar
    Louis27
    Icon for Nimbostratus rankNimbostratus
    Jun 14, 2022

    Hello, JRahm Thanks again for your reponse, you are so warm hearted.

    I didn't find the way your created stream.

     

    ltm profile stream pantest_stream {
    app-service none
    chunking enabled
    defaults-from stream
    target @<pan>(.*\?)<\\/pan>@@
}

     

    I've tried my side with graphic configuration stream as below:

    source I put '<pan>(.*\?)<\\/pan>', and nothing for target. chunk deactivated.

    and then activate this stream profile dans virtuel server like this:

    After that I checked the data receieved on the server side, it doesn't change anything. There is still 'pan'. Do I miss anything?

    PS: 'plainPanRemoved' is done by our app to remove sensitive data.

    I also tried with iRules,  the back-end throws directly 'Error reading XMLStreamReader'.

     

    when HTTP_REQUEST {
	# Verify Content-length, POST, URI
    if { [HTTP::header exists Content-length] and [HTTP::method] equals "POST" and [string tolower [HTTP::uri]] contains "/endPointName"}{
	
		# Verify if the request is CreateWalletReq 
		if { [HTTP::payload] contains "<CreateWalletReq"} {        
		
	   # Remove PAN
            STREAM::expression {@<pan>(.*\?)<\\/pan>@@}
	    STREAM::enable

		}
	}
}


when HTTP_RESPONSE {
    STREAM::disable
}

     


    Thanks again.

     

     

     

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      Jun 14, 2022

      If entering the string in the GUI, you shouldn't need the additional backslash, it should just be:

       

      @<pan>(.*\?)<\/pan>@@

       

       If you are NOT needing the plainPan tags (and enclosed content) removed, then this is not what you want. You will likely just want:

       

      @<pan>@@ @<\/pan>@@