For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Aug 24, 2020
Solved

Rewrite JSON value.

Dear Experts,   I need to ask if is it possible to inject a value "deviceName": "ESSApp" in the JSON content below if i got the following value in the "formName": "P59MBLVR_W59MBLVRE" value, in m...
application delivery
iRules
LTM
  • Simon_Blakely's avatar
    Simon_Blakely
    Aug 30, 2020
    when HTTP_REQUEST {
  log local0. "starting collect"
      HTTP::collect [HTTP::header Content-Length]
      set clen [HTTP::header Content-Length]
}
when HTTP_REQUEST_DATA {
  binary scan [HTTP::payload] c* throwaway
  set incoming [HTTP::payload]
  log local0. "before: $incoming"
  regsub -all {,   "formName} $incoming {,  {"deviceName":"ESSApp"},  } newdata
  log local0. "new data is $newdata"
  HTTP::payload replace 0 $clen $newdata
  log local0. "after: [HTTP::payload]" 
}
    $ curl -kv https://172.16.0.220/xxx/formservice -d '{"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",   "formName": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }' -H 'Content-Type: application/json; charset=utf-8'
 
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST>: starting collect
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: before: {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",   "formName": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: new data is {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",  {"deviceName":"ESSApp"},  ": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: after: {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",  {"deviceName":"ESSApp"},  ": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Aug 25, 2020

This should be done from f5 side to the server.

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Aug 30, 2020
    when HTTP_REQUEST {
  log local0. "starting collect"
      HTTP::collect [HTTP::header Content-Length]
      set clen [HTTP::header Content-Length]
}
when HTTP_REQUEST_DATA {
  binary scan [HTTP::payload] c* throwaway
  set incoming [HTTP::payload]
  log local0. "before: $incoming"
  regsub -all {,   "formName} $incoming {,  {"deviceName":"ESSApp"},  } newdata
  log local0. "new data is $newdata"
  HTTP::payload replace 0 $clen $newdata
  log local0. "after: [HTTP::payload]" 
}
    $ curl -kv https://172.16.0.220/xxx/formservice -d '{"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",   "formName": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }' -H 'Content-Type: application/json; charset=utf-8'
 
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST>: starting collect
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: before: {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",   "formName": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: new data is {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",  {"deviceName":"ESSApp"},  ": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
Aug 30 16:07:03 bigip1 info tmm[12235]: Rule /Common/json_modify <HTTP_REQUEST_DATA>: after: {"token":"044VZAliLSXEo2l4Xcv9DFPNLQKbX7p8E3i/Zt+ksskQ+E=MDE5MDA2MjgwOTQzNzQwNjUwMjI4NzM5OUVTU0FwcDE1OTgzNDA4NzQ3NDM=",",  {"deviceName":"ESSApp"},  ": "P59MBLVR_W59MBLVRE",   "returnControlIDs":"39|31|37"  }
    • Muhannad's avatar
      Muhannad
      Icon for Cirrus rankCirrus
      Sep 01, 2020

      Dear Simon,

       

      Thanks for your help.

       

      It is working perfectly except one issue, it is inserting the "deviceName":"ESSApp" in every request thus it is causing issues to other requests, it seems we need to match exactly the "formName": "P59MBLVR_W59MBLVRE" toinsert the {"deviceName":"ESSApp"}

       

      Regards,

      Muhannad

       

    • Muhannad's avatar
      Muhannad
      Icon for Cirrus rankCirrus
      Sep 01, 2020

      How can i matach the "formName": "P59MBLVR_W59MBLVRE" in this IRULE:

      when HTTP_REQUEST {

      log local0. "starting collect"

      HTTP::collect [HTTP::header Content-Length]

      set clen [HTTP::header Content-Length]

      when HTTP_REQUEST_DATA {

      binary scan [HTTP::payload] c* throwaway

      set incoming [HTTP::payload]

      log local0. "before: $incoming"

      regsub -all {, "formName} $incoming {, {"deviceName":"ESSApp"}, } newdata

      log local0. "new data is $newdata"

      HTTP::payload replace 0 $clen $newdata

      log local0. "after: [HTTP::payload]"

      }

       

      Regards,

      Muhannad