Forum Discussion
AlexS_yb
Cirrocumulus
CirrocumulusWhat irule event captures http::respond or 503 generated by the F5
Hi
I use irules to log requests and responses
problem is http::response and actions done by the F5 are not captured.
I have irule at HTTP_RESPONSE_RELEASE and HTTP_RESPONSE
Neither fire, how can I do this ?
If, for instance, there is an iRule which sends a response in the HTTP_REQUEST event then this will not fire the HTTP_RESPONSE event as you say ( because that fires for serverside responses ).
I don't know how to get around this other than to use the HTTP::has_responded command https://clouddocs.f5.com/api/irules/HTTP__has_responded.html and create a log if a response has been sent.
Hi AlexS_yb I just validated your observation with the following iRule under TMOS v15.1.6.1:
when HTTP_REQUEST { log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_host=\"[HTTP::host]\",http_path=\"[HTTP::path]\"" HTTP::respond 200 content "hello world\r\n" noserver Connection Close return } when HTTP_RESPONSE { log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_status=\"[HTTP::status]\",server_header=\"[HTTP::header value Server]\"" } when HTTP_RESPONSE_RELEASE { log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_status=\"[HTTP::status]\",server_header=\"[HTTP::header value Server]\"" }You probably have to go down on TCP::payload or SSL::payload after firing TCP::collect or SSL::collect.
Another solution would be to cascade virtual servers. So the "frontend" virtual will just use the virtual statement to forward all traffic to the "backend" virtual. Now the iRule bound to the "frontend" virtual will capture the requested information.
AlexS_ybNot sure tcp::collect will work as there is no data from the pool / server. If it generates from the F5 or is from http::respond
Its a bit annoying.
as
HTTP_RESPONSE
states
Note: HTTP_RESPONSE is specific to a server response passing through the load balancer, and is not triggered for locally-generated responses (e.g. sent using the HTTP::respond command)
and
HTTP_RESPONSE_RELEASE
An iRule event triggered when the system is about to release HTTP data on the clientside of the connection. This event is triggered after modules process the HTTP response.
I sort of read that as saying it gets all and it didn't sasy it doesn't get the http::respond ones
- PeteWhite
Employee
If, for instance, there is an iRule which sends a response in the HTTP_REQUEST event then this will not fire the HTTP_RESPONSE event as you say ( because that fires for serverside responses ).
I don't know how to get around this other than to use the HTTP::has_responded command https://clouddocs.f5.com/api/irules/HTTP__has_responded.html and create a log if a response has been sent.
- AlexS_yb
Actually thats a pretty good way of doing it set priority really low and pick it up that way.
Hadn't thought of that.
I think its a bug, that it doesn't fire the other events.
