cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Collect and pass on variables from client device

Kalido
Nimbostratus
Nimbostratus

Hi,

 

I have a VIP with a redirect which is pointing to a captive portal, that works fine.

 

The issue I am having is I need the traffic to collect variables such source Mac address, originating IP added onto a link for example:

 

portal/step1.html?MACAddr=XX%XXX%XXX%XXXX%XXX%XXXX&IPAddr=123.123.123.123&OrigURL=http%3A%2F%2Fwww.msftconnecttest.com%2Fredirect

 

Is this possible from the F5?

 

We would need the client device to point to the VIP then hit the redirect with the variables attached?

 

If I add the url like this:

www.example.com/portal/step1.html?MACAddr=$SUB&IPAddr=$IP&OrigURL=$URL it wont work.

1 ACCEPTED SOLUTION

Leonardo_Souza
Cirrocumulus
Cirrocumulus

No, I meant to redirect with the information at the end.

 

Try this:

 

when HTTP_REQUEST priority 400 { set mac [LINK::lasthop] set ip [IP::client_addr] set url [HTTP::uri] switch -glob -- [string tolower [HTTP::host]] { "123.45.67.890" { HTTP::redirect "https://example.com/portal/step1.html?MACAddr=$mac&IPAddr=$ip&OrigURL=$url" } } }

Forgot to say...

Don't forget the mac address you will get is the last device mac address.

If the client is not in the same network as the F5, it is not going to be the client mac address.

View solution in original post

4 REPLIES 4

Leonardo_Souza
Cirrocumulus
Cirrocumulus

Yes, it is possible.

 

You need to create an iRule to collect the data and send a HTTP response.

This link has some examples:

https://clouddocs.f5.com/api/irules/HTTP__respond.html

 

If the F5 is not in the same network as the client, you will not see the real client MAC address.

 

Hi Leonardo,

 

Thank you very much for your reply.

 

So I have a rule configured already with the following example:

 

when HTTP_REQUEST priority 400 {

    switch -glob -- [string tolower [HTTP::host]] {

        "123.45.67.890"     { HTTP::redirect "https://example.com/portal/step1.html?[HTTP::uri]" }

  }

}

 

The thing is I need it to go to the following URI https://example.com/portal/step1.html? the redirect above is currently working.

 

Are you saying that I can create an Irule which will do the redirect first, then it will add the following onto the end of the uri?

 

so in the end the final uri will look like this:

 

https://example.com/portal/step1.html?portal/step1.html?MACAddr=XX%XXX%XXX%XXXX%XXX%XXXX&IPAddr=123.123.123.123&OrigURL=http%3A%2F%2Fwww.msftconnecttest.com%2Fredirect

 

With the Macaddress and the originating IP being the client device which connected to the F5.

 

This information is basically redirecting to a portal.

 

I looked at the link you provided and I couldn't see the following, which Irule would modify the URI with the mac address as well as the originating IP and would the F5 be able to process both Irules?

Leonardo_Souza
Cirrocumulus
Cirrocumulus

No, I meant to redirect with the information at the end.

 

Try this:

 

when HTTP_REQUEST priority 400 { set mac [LINK::lasthop] set ip [IP::client_addr] set url [HTTP::uri] switch -glob -- [string tolower [HTTP::host]] { "123.45.67.890" { HTTP::redirect "https://example.com/portal/step1.html?MACAddr=$mac&IPAddr=$ip&OrigURL=$url" } } }

Forgot to say...

Don't forget the mac address you will get is the last device mac address.

If the client is not in the same network as the F5, it is not going to be the client mac address.

Hi Leonardo,

 

Thank you so much for getting back to me, this has resolved the issue!

 

I couldn't see it before but thanks to you these Irules are starting to make more sense.

 

No all heroes wear capes!

 

Thank you again!