Forum Discussion
TCP iRule to find HTTP headers
I have a situation where I have an iRule that works once the user is using the HTTP protocol. Unfortunately, the same VIP handles a proprietary protocol from Oracle called T3. To use the iRule I need an HTTP profile but that will break the T3 users.
- My idea is the parse the TCP and determine if the request is HTTP
- If it is HTTP, add an HTTP profile and my iRule to the VIP dynamically
I would like some help. I know the a TCP header is 20 bytes and HTTP starts with the method GET or POST. So I am guessing that I have to 'scan' the tcp payload for a GET (for example) and if it starts with that, apply the http profile and then the iRule.
Thanks for your help and/or guidance in advance!
I think you could limit the iRule to this:
when CLIENT_ACCEPTED { HTTP::disable TCP::collect 4 } when CLIENT_DATA { if { [TCP::payload 4] contains "GET" } { HTTP::enable } TCP::release } when HTTP_REQUEST { my irule } when HTTP_RESPONSE { my irule }
I'll expect the HTTP_REQUEST and HTTP_RESPONSE events will not be triggered when the HTTP profile is disabled.
- ottleydamianCirrus
My first thoughts are something like this: (the HTTP profile will be configured on the VIP)
` when CLIENT_ACCEPTED { TCP::collect 4 } `
` when CLIENT_DATA { if { ([TCP::payload 4] contains "GET") || ([TCP::payload 4] contains "POST") } { HTTP::enable How to add the iRule??? } else { HTTP::disable How to remove the iRule??? } TCP::release } `
- ottleydamianCirrus
Another thought I had was disabling and enabling events so I can have 1 iRule: (I haven't tested it in production yet but my preliminary test suggest that it should work)
when CLIENT_ACCEPTED { TCP::collect 4 } when CLIENT_DATA { log local0. "Before GET" if { [TCP::payload 4] contains "GET" } { HTTP::enable event HTTP_REQUEST enable event HTTP_RESPONSE enable rule Levi-Test log local0. "After GET" if { [PROFILE::exists http] == 1 }{ log local0. "HTTP profile was added" } } else { HTTP::disable event HTTP_REQUEST disable event HTTP_RESPONSE disable rule none log local0. "HTTP profile was removed..." } TCP::release } when HTTP_REQUEST { my irule } when HTTP_RESPONSE { my irule }
I think you could limit the iRule to this:
when CLIENT_ACCEPTED { HTTP::disable TCP::collect 4 } when CLIENT_DATA { if { [TCP::payload 4] contains "GET" } { HTTP::enable } TCP::release } when HTTP_REQUEST { my irule } when HTTP_RESPONSE { my irule }
I'll expect the HTTP_REQUEST and HTTP_RESPONSE events will not be triggered when the HTTP profile is disabled.
- JRahmAdmin
lgtm, only change I'd make is to assure all the request methods supported by your http app are accounted for in your conditional.
- ottleydamianCirrus
Thanks,
My iRule has both GET and POST.
if { ([TCP::payload 4] contains "GET") || ([TCP::payload 4] contains "POST") } {
Thanks guys for all your great help (Niels van Sluis & Jason Rahm). I'm very positive that this will work once I get to implement it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com