Forum Discussion
hooleylist
Feb 23, 2009
Cirrostratus
You must decrypt the HTTPS using a client SSL profile in order to inspect/modify the HTTP content. Be aware that the maximum header size in the HTTP profile does not affect the actual requests/responses. The value is just used to determine how many bytes to allocate for buffering header values. The online help shows this:
Maximum Header Size
Specifies the maximum amount of HTTP header data that the system buffers before making a load balancing decision. The default is 32,000 bytes.
If you want to modify LTM's handling of long headers, you could use an iRule. Of course, this assumes the traffic is either HTTP or decrypted HTTPS.
(Modified from http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=32156)
    when HTTP_REQUEST {
        # Loop through each header name
        foreach header [HTTP::header names] {
            # Check if header length is greater than 32768 bytes
            if {[string length [HTTP::header value $header]] > 32768} {
                # Log header details
                log local0. "Header exceeds 32768! Header Name: $header, Length: [string length [HTTP::header $header]],\
                    Client: [IP::client_addr], User-Agent: [HTTP::header User-Agent], Value: [HTTP::header $header]"
                # Send a 400 response
                HTTP::respond 400 content "Header value too longHeader value too long"
                # Close the TCP connection
                TCP::close
                # Stop here so HTTP::respond is not called a second time in this event
                return
            }
        }
    }
Keep in mind that this rule checks every request header's length. It would add load to LTM. If you know that there are just a few headers you want to check, you can limit the checks to those:
    when HTTP_REQUEST {
        # Loop through each header name
        foreach header {From If-Modified-Since Referer Content-Type} {
            # Check if header length is greater than 32768 bytes
            if {[string length [HTTP::header value $header]] > 32768} {
                # Log header details
                log local0. "Header exceeds 32768! Header Name: $header, Length: [string length [HTTP::header $header]],\
                    Client: [IP::client_addr], User-Agent: [HTTP::header User-Agent], Value: [HTTP::header $header]"
                # Send a 400 response
                HTTP::respond 400 content "Header value too longHeader value too long"
                # Close the TCP connection
                TCP::close
                # Stop here so HTTP::respond is not called a second time in this event
                return
            }
        }
    }
Aaron
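
Added example, not part of the original post: a variant of the rule above that checks every instance of a repeated header and logs only a bounded prefix of the oversized value, so a very long client-controlled string is not written to the log in full. The variable names `max_len` and `log_len` and the 128-character log cap are assumptions made for this example.

```tcl
when HTTP_REQUEST {
    # Assumed limits for this example; tune them to the application
    set max_len 32768      ;# same threshold the rules above use
    set log_len 128        ;# assumed cap on how much of the value is logged

    # De-duplicate the name list in case a header name appears more than once
    foreach name [lsort -unique [HTTP::header names]] {
        # Check every value sent under this name, not just a single one
        foreach value [HTTP::header values $name] {
            set len [string length $value]
            if {$len > $max_len} {
                # Log the length and a bounded prefix instead of the whole value
                log local0. "Header exceeds $max_len! Header Name: $name, Length: $len,\
                    Client: [IP::client_addr],\
                    Value (first $log_len chars): [string range $value 0 [expr {$log_len - 1}]]"
                # Send a 400 response
                HTTP::respond 400 content "Header value too long"
                # Close the TCP connection
                TCP::close
                # Stop here so HTTP::respond is not called again for another header
                return
            }
        }
    }
}
```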