For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mahnsc's avatar
mahnsc
Icon for Nimbostratus rankNimbostratus
Apr 06, 2012

Three Questions on STREAM iRule

I have a web site that is sending a couple different absolute URLs that required me setting up a couple of STREAM::expression irules. Each rule worked fine when running under 9.4.3 but when we upgraded to 10.2.3, the second of the two rules no longer worked. I consolidated the rule into 1, which looks like the irule below:


when RULE_INIT {
    set ::crfind "http://host.domain.tld:8443/"
    set ::cr2find "http://host.domain.tld:8080/"
    set ::crreplace "https://host.domain.tld/"
}
when HTTP_REQUEST {
  STREAM::disable
}
when HTTP_RESPONSE {
  if {[HTTP::header value Content-Type] contains "text"} {
    STREAM::expression "@$::crfind@$::crreplace@"
    STREAM::enable
 }  elseif {[HTTP::header value Content-Type] contains "text"} {
      STREAM::expression "@$::cr2find@$::crreplace@"
      STREAM::enable
    } else {
        STREAM::disable
      }
}
when STREAM_MATCHED {
  log local0. "Matched [STREAM::match]"
}

My first question is: Why does STREAM::match only log the match for value $::cr2find even though the STREAM::expression for $::crfind works fine?

My second question is: Why doesn't the second STREAM::expression work for $::cr2find even though STREAM::match is matching it?

My last question is: What is the correct way for me to re-initialize variable values if I make a change to that value? For example, if I change the value of $::crfind from "http://host.domain:tld:8443/" to "https://host.domain.tld:8443/", nothing matches unless I change the name of the variable itself.
application delivery
dev
devops
iRules

1 Reply

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 06, 2012
    it matches for ::crfind in my testing.

    anyway, why do you use same if condition ([HTTP::header value Content-Type] contains "text") twice??

    and have you seen this article?

    LTM stream profile: Multiple replacements & regular expressions by Deb

    https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/101/LTM-stream-profile-Multiple-replacements-regular-expressions.aspx 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      stream {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
   set ::crfind "http://host.domain.tld:8443/"
   set ::cr2find "http://host.domain.tld:8080/"
   set ::crreplace "https://host.domain.tld/"
}
when HTTP_REQUEST {
   STREAM::disable
}
when HTTP_RESPONSE {
   if {[HTTP::header value Content-Type] contains "text"} {
      STREAM::expression "@$::crfind@$::crreplace@"
      STREAM::enable
   } elseif {[HTTP::header value Content-Type] contains "text"} {
      STREAM::expression "@$::cr2find@$::crreplace@"
      STREAM::enable
   } else {
      STREAM::disable
   }
}
when STREAM_MATCHED {
   log local0. "Matched [STREAM::match]"
}
}

 original response (not passing bigip)

[root@ve1023:Active] config  curl -i http://200.200.200.101/test.html
HTTP/1.1 200 OK
Date: Fri, 06 Apr 2012 15:05:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 06 Apr 2012 15:02:30 GMT
ETag: "418447-a9-f207ed80"
Accept-Ranges: bytes
Content-Length: 169
Content-Type: text/html; charset=UTF-8




http://www.google.com/
http://host.domain.tld:8443/something
http://host.domain.tld:8080/somethingelse
http://www.yahoo.com/



 response when passing bigip

[root@centos251 ~] curl -i http://172.28.19.79/test.html
HTTP/1.1 200 OK
Date: Fri, 06 Apr 2012 15:12:57 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 06 Apr 2012 15:02:30 GMT
ETag: "418447-a9-f207ed80"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked




http://www.google.com/
https://host.domain.tld/something
http://host.domain.tld:8080/somethingelse
http://www.yahoo.com/



 bigip

[root@ve1023:Active] config  cat /var/log/ltm
Apr  6 08:12:27 local/tmm info tmm[4797]: Rule myrule : Matched http://host.domain.tld:8443/