cancel
Showing results for 
Search instead for 
Did you mean: 
nshelton85
Altostratus
Altostratus

Problem this snippet solves:

I am trying to log the IP address and usernames that are attempting to login to our web portal. I have the iRule mostly working, but I am having difficulty finding out how to extract certain pieces of the HTTP form rather than the whole thing. The fields in the form are UserID, EnteredUserId,and Password. Currently with the script below I get the following message in my LTM log file ": domain=&UserID=Nate10&EnteredUserID=Nate10&Password=PasswordRemoved has attempted to login from 172.xxx.xxx.xxx:61562." For security reasons I would like to just log the UserID and EnteredUserID as well as have a variable that can be toggled on/off to log the password for debugging and troubleshooting. I have tried adding a couple of different scripts to mine that I have seen in other posts, but nothing seems to work. Any ideas?

Code :

when HTTP_REQUEST {
  if { [HTTP::method] equals "POST" } {
    if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
      set content_length [HTTP::header "Content-Length"]
    } else {
      set content_length 1048576
    }
    HTTP::collect $content_length
  }
}
when HTTP_REQUEST_DATA {
    set client [IP::client_addr]:[TCP::client_port]
    set url [HTTP::header Host][HTTP::uri]
    set HTTP_METHOD [HTTP::method]
    set HTTP_PAYLOAD [HTTP::payload]
    log local0. "This is a test message $url $client"
if {($url contains "/servlet/Login")}
{
log local0. "$HTTP_PAYLOAD has attempted to login from $client"
}
}

Tested this on version:

12.1
Comments
Stanislas_Piro2
Cumulonimbus
Cumulonimbus

If you want to ask a question, post it in ANSWER section...

 

This section is to share working codes to the community.

 

nshelton85
Altostratus
Altostratus

Sorry, new to this board and didn't see that section. I have re-posted my question in the right place.

 

Version history
Last update:
‎13-Sep-2018 17:35
Updated by:
Contributors