Forum Discussion

Nicola_DT
May 07, 2009

String substitution issue in an http stream (soap)

 

Hi everyone,

I am using an iRule that I discovered somewhere on DevCentral. My goal is to substitute a value in a TCP stream with another value. To be more specific, a client sends an XML POST (SOAP) to a server, with some credentials that are admin:admin (user and password). These credentials are encoded in b64, so at the streaming level I see the string admin:admin as YWRtaW46YWRtaW4= (verified with tcpdump).

The BIG-IP should catch it and substitute it ONLY if it's set to admin:admin with something else like "xxxxxxxx:admin", where xxxxxxxx is based on the content of another XML tag inside the SOAP (serial number of the client station).

I have already found some functions to translate the value from text string to b64 and the other way round. The problem is that even if I set the string as a static string for testing purposes, the substitution does not work.

This is the iRule:

when HTTP_REQUEST {

    # Check if the request is a POST, with a content type of text
    if {[HTTP::method] eq "POST" && [HTTP::header value Content-Type] contains "text/xml"} {

        log local0. "stream in action"

        # Match the literal string "find" and replace it with "replace"
        STREAM::expression {@find@replace@}
        STREAM::expression {@YWRtaW46YWRtaW4=@cGlwcG86MTIzNDU=@}

        # Enable the stream filter for this request only
        STREAM::enable

    } else {

        # Disable the stream filter by default
        log local0. "not passed by stream swapping function"

        STREAM::disable
    }
}

when STREAM_MATCHED {

    # This event is only included for debugging. You should remove the event after testing is complete.
    log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match]"
}

The logging is working and I see the log message "stream in action", but the fact is that on the server I still receive the original string admin:admin instead of the new string that should substitute the original.

Can anyone help me with this issue?

Beyond this, how can I put into the new string "xxxxxx:admin" a value that passes later in the TCP stream?

Is it correct to use the "findstr" function? I can easily select the right sequence of characters because it looks like this in the SOAP:

" 1234567890 ", so theoretically I could use a findstr expression to find "" and from there collect 10 characters to put in a local variable and then write in place of the original "admin" [to be clearer: admin:admin -> 1234567890:admin]

Any tip is welcome, I am stuck.

Thanx,

Nicola.

  • hoolio
    Hi Nicola,

    So when you use a stream expression of {@YWRtaW46YWRtaW4=@cGlwcG86MTIzNDU=@} you see the debug being logged from the STREAM_MATCHED event, but you don't see the actual request payload modified? That doesn't sound correct.

    If you want to replace the base64 encoded username:password with an encoded string from somewhere else in the payload, you would need to set the stream expression to a regex which matches both the string you want to encode and insert as well as the string you want to replace. In the STREAM_MATCHED event you could then use STREAM::match to get the matched string and STREAM::replace to replace the string.

    If you can post an anonymized sample of the request payload I can try to give you a more exact example. Else, you can check the last example on the STREAM::expression wiki page for a rough idea.

    Aaron
  • Thanx Aaron,

    I am still checking this flow, and will let you know as soon as I am done with other testing and have some data to post.

    Nicola
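
The approach hoolio describes (one expression that matches both strings, then STREAM::match and STREAM::replace in STREAM_MATCHED), modelled offline in Python so the pattern and the base64 handling can be checked before they go into an iRule. This is an added example, not code from the thread and not an iRule; the `<serial>` and `<auth>` tag names and both sample payloads are assumptions.

```python
import base64
import re


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


OLD_CRED = b64("admin:admin")  # YWRtaW46YWRtaW4=, the value seen in the tcpdump

# One expression covering both strings: the credential to replace, then the
# value to insert, which arrives later in the payload.
# <serial> is an assumed tag name; the thread does not show the real one.
SPAN = re.compile(
    re.escape(OLD_CRED) + r".*?<serial>\s*(\d{10})\s*</serial>", re.DOTALL
)


def on_match(match: re.Match) -> str:
    """Plays the role of STREAM_MATCHED: read the match, return the replacement."""
    matched = match.group(0)                   # what STREAM::match would return
    new_cred = b64(f"{match.group(1)}:admin")  # serial:admin, re-encoded
    # Swap only the leading credential; the rest of the span passes unchanged.
    return new_cred + matched[len(OLD_CRED):]  # what STREAM::replace would send


def rewrite(payload: str) -> str:
    """Rewrite admin:admin to <serial>:admin; any other payload is untouched."""
    return SPAN.sub(on_match, payload, count=1)


# Constructed sample payloads (not from the thread).
SAMPLE = (
    "<Envelope><Header><auth>YWRtaW46YWRtaW4=</auth></Header>"
    "<Body><serial> 1234567890 </serial></Body></Envelope>"
)
OTHER_USER = SAMPLE.replace(OLD_CRED, b64("operator:secret"))

if __name__ == "__main__":
    out = rewrite(SAMPLE)
    print(out)
    # The re-encoded credential is longer than the original, so the body grows.
    print("length change:", len(out) - len(SAMPLE))
    print("other credential untouched:", rewrite(OTHER_USER) == OTHER_USER)
```

Because the pattern starts with the encoded admin:admin value, a request carrying any other credential, or one with no serial tag, never matches and passes through unmodified.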