Forum Discussion

Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Jan 16, 2023

Send a POST API Request via iRule

Hello team.

Help me please with sending a POST api request via iRule. What I want is somethink like this:

 

 

 

when ASM_REQUEST_VIOLATION {
    *I don't know what command should be here* "POST /sample/post/json%0A HTTP/1.0\n
Host: test.com\n {Client_address: IP::client_addr}"
 }

 

 

or just:

 

when ASM_REQUEST_VIOLATION {
    *send via API to another host* "Client_address= IP::client_addr"
 }

 

So the main goal is send Client Address from Violation event to another host via API. Is it possible to do something like that?

application delivery
security
  • xuwen's avatar
    xuwen
    Icon for Cumulonimbus rankCumulonimbus
    Jan 17, 2023

    send POST method should use the iRules sideband method. The difficulty is whether your server POST does not require username, password or Token authentication about F5?

    https://clouddocs.f5.com/api/irules/SIDEBAND.html 

    firstly, F5 whether can ping NGFW and telnet NGFW 80(assume NGFW api service port is 80)?

    secondly, if F5 can not telnet NGFW 80,  F5 need to add network route to NGFW, make sure F5 can telnet NGFW 80

    here is the http post api code(NGFW api service mode does not work in https://xxxx mode), NGFW(example NGFW ip is 10.0.0.10, api service port is 80) with no authentication for POST 

     

     

     

    when ASM_REQUEST_DONE priority 500 {
    set asm_ip [ASM::client_ip]
    set asm_json "\{\"Client_address\":$asm_ip\}"
    set content_length [string length $asm_json]
    set data "POST /sample/post/json HTTP/1.0\r\nHost: test.com\r\nContent-type: application/json\r\nContent-Length: ${content_length}\r\n\r\n${asm_json}"
    if { [catch {connect -time 1000 -idle 30 -status conn_status 10.0.0.10:80} conn_id] == 0 && $conn_id ne "" } {
        log local0. "Connect returns: $conn_id and conn status: $conn_status"
        set send_bytes [send -timeout 1000 -status send_status $conn_id $data]
        log local0. "Sent $send_bytes with status $send_status"
        close $conn_id
        return
    } else {
        log local0. "Connection could not be established to NGFW"
        return
    }
}

     

     

     

    • CA_Valli's avatar
      CA_Valli
      Icon for MVP rankMVP
      Jan 17, 2023

      I agree with the other MVP's here, sideband works like a charm - just yesterday I was deploying a new service that needs to trigger an API connection to an external database to retrieve some info that I use to distribute the packet, and I'm using sideband for that.