Side-Band HTTP Payload concern
Hello experts! I am having an issue sending an HTTP payload to another server. My goal is to intercept a file upload and send it to another Virtual Server (which has an ASM policy applied). The main app base64-encodes the file upload and transmits the file within a URL form-encoded POST. I have an iRule which intercepts the file and decodes the base64 into a variable. The issue is that when I attempt to append the needed multipart headers and footers to the captured decoded file, the resulting file becomes unreadable.
Code
when RULE_INIT {
    set static::debug 1
    set static::content [ifile get ]
}
when HTTP_REQUEST {
    set VirusDetected 0
    set output 0
    # Collect the full request body of matching POST requests
    if { ([HTTP::uri] contains "") && ( [HTTP::method] eq "POST") } {
        set clen [HTTP::header Content-Length]
        if {$static::debug} {log local0. "Request Length $clen" }
        HTTP::collect $clen
    }
}
when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]
    if {[URI::query "?$payload" ] eq "SaveAttachment" } {
        set IsAdaptEnabled 1
        set parametervalue [URI::query "?$payload" ]
        set parametervalue [URI::decode $parametervalue]
        set parametervalue [URI::decode $parametervalue]
        # Content type: text between "data:" and the next ";"
        set contenttype1 [expr { [string first "data:" $parametervalue] + 5 } ]
        set contenttype2 [expr { [string first ";" $parametervalue $contenttype1] - 1 } ]
        set contenttypesnip [string range $parametervalue $contenttype1 $contenttype2];
        # File name: text between "FileName" and "FileSize"
        set filename1 [expr { [string first "FileName" $parametervalue] + 9 } ]
        set filename2 [expr { [string first "FileSize" $parametervalue $filename1] - 2 } ]
        set filenamesnip [string range $parametervalue $filename1 $filename2];
        # Base64 file data: text between "base64," and the next backtick
        set len1 [expr { [string first "base64," $parametervalue] + 7 } ]
        set len2 [expr { [string first "`" $parametervalue $len1] - 1 } ]
        set filesnip [string range $parametervalue $len1 $len2];
        if {[catch {b64decode $filesnip} decodedfilesfile ] == 0 and $decodedfilesfile ne ""} {
            # base64 decoding succeeded
        } else {
            # base64 decoding failed
        }
        set decodedfilesfilelength [string length $decodedfilesfile]
        if {$decodedfilesfilelength <= 20971520} {
            set firstboundary "----WebKitFormBoundaryPMvLP4u7CcWWqOv7 \r\n"
            set lastboundary " \r\n\r\n----WebKitFormBoundaryPMvLP4u7CcWWqOv7\r\n"
            set contentdisposition "Content-Disposition: form-data; name=$filenamesnip; filename=$filenamesnip; size=$decodedfilesfilelength\r\nContent-Type: $contenttypesnip\r\n\r\n"
            # String concatenation of text and decoded binary data (the step asked about)
            set payload $firstboundary$contentdisposition$decodedfilesfile$lastboundary
            set s1 [call /Common/HSSR::http_req -state hstate -virt ASM_Internal_Virtual_Server -uri "http:///VirusCheck-for-filename/$filenamesnip" -method POST -body $payload -type "multipart/form-data ----WebKitFormBoundaryPMvLP4u7CcWWqOv7" -debug 1 -wait 60]
            if {$static::debug} {log local0. "ASM Virtual Server Responce $s1"}
            if {($s1 == 403) || ($s1 == 555)} {
                set VirusDetected 1
                HTTP::payload replace 0 $clen null
                HTTP::release
            } else {
                HTTP::release
            }
            call /Common/HSSR::http_close hstate
        } else {
            HTTP::respond 200 content "$static::content" noserver
        }
    }
}
- PeteWhite
Employee
Why not just send the whole of the request - headers and payload. Leave ASM to unpack it.
- tiny_cloud_ninj
Historic F5 Account
The original request is not in a format which ASM can intercept for Anti-Virus scanning. The file is b64 encoded within a form parameter.
I don't get the point of [binary scan SOMEDATA B* somevariables] followed by a concatenation of set payload $somevariable$somevariable$b64decodedfile$somevariable?
Basically this syntax is creating a string containing something like 0101010101yourbinarycontent0101010101, isn't it? Besides this, using concatenation on binary data may break any binary representation (a hidden transformation to UTF-8)...
Cheers, Kai
- tiny_cloud_ninj
Historic F5 Account
Yeah, the binary scan was a mistake (I removed those commands from the above rule). You nailed the real question: "How should an iRule be written to concat a string on either side of a binary variable". Basically, I need to forge a Multi/Part HTTP POST to a second service using the [HTTP::payload] from the original request.
Hi Tiny Cloud Ninja,
to concatenate binary data you may check out the [binary format] syntax below...
set payload [binary format A*A*A*A* $firstboundary $contentdisposition $decodedfilesfile $lastboundary]
... the syntax will create a variable without an existing UTF-8 representation (TCL = everything is UTF-8 in its primary form), but instead just a shimmered binary representation (TCL = every variable may have a second representation; in this case a binary value).
If you pass the variable then to another command which is able to handle binary data (sideband should be fine to handle this), it would receive the binary representation...
Cheers, Kai
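The byte-safe assembly described above, as an added example in plain Tcl that is not part of the original thread or the poster's iRule: it frames raw file bytes as one multipart/form-data part (delimiter lines start with `--`, the closing delimiter ends with `--`, and the boundary is announced as a `boundary=` parameter) and rejects client-supplied header values that could inject part headers. The proc name `build_multipart`, the boundary string and the sample bytes are assumptions made for illustration.

```tcl
# Added example; build_multipart and all values below are hypothetical.
# Returns a two-element list: {Content-Type header value, body bytes}.
proc build_multipart {boundary field filename ctype filebytes} {
    # Values taken from the client end up inside part headers. Reject
    # anything outside printable ASCII (this covers CR and LF) and any
    # double quote, so a crafted file name cannot add or alter headers.
    foreach v [list $field $filename $ctype] {
        if {[regexp {[^ -~]|"} $v]} {
            error "illegal character in part header value"
        }
    }
    # If the delimiter occurs inside the file, the receiver would cut
    # the part short and scan only a fragment of the upload.
    if {[string first "--$boundary" $filebytes] >= 0} {
        error "boundary occurs in file content"
    }
    set head "--$boundary\r\n"
    append head "Content-Disposition: form-data; name=\"$field\";"
    append head " filename=\"$filename\"\r\n"
    append head "Content-Type: $ctype\r\n\r\n"
    set tail "\r\n--$boundary--\r\n"
    # a* copies every argument byte for byte; the result is a byte array
    # rather than a text string built by concatenation.
    set body [binary format a*a*a* $head $filebytes $tail]
    return [list "multipart/form-data; boundary=$boundary" $body]
}

# Constructed sample: a PNG signature followed by NUL and high bytes.
set filebytes [binary format H* "89504e470d0a1a0a00ff80"]
foreach {ctype body} [build_multipart "exampleBoundary7d1" "file" \
        "a.png" "image/png" $filebytes] break
puts "Content-Type: $ctype"
puts "file: [string length $filebytes] bytes, body: [string length $body] bytes"
```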
- Stanislas_Piro2
Cumulonimbus
ASM doesn't check antivirus but forwards it to an ICAP server.
Why don't you configure the ICAP feature in the LTM instead of forwarding to ASM, which forwards to ICAP?