cancel
Showing results for 
Search instead for 
Did you mean: 

iRules change HTTP::Payload when talking to the backend servers

CPSSupport
Nimbostratus
Nimbostratus

I need to make some changes using the iRules to the request payload then need to pass the original request to the backend server, is there a compatible event with HTTP::Payload command that can pass traffic to the backend server?

Thanks in advance.

5 REPLIES 5

Yes its doable, use HTTP_REQUEST_DATA event to make your manipulation on the payload.

Refer the below article.

 

https://clouddocs.f5.com/api/irules/HTTP_REQUEST_DATA.html

I want to manipulate the payload then pass F5 the manipulated one but the backend server will receive the original payload can you help me, please ?

Can you elaborate what you are trying to achieve by manipulating the payload twice? Maybe there is another way to get to your goal.

 

I don't say it is nonsense, but I think it would help to know the use-case.

I need to change the original request to some format that WAF can understand and apply its security check against then if the request is good, I need the WAF to pass the original request to the server as the server only understands the original request sent by the client

Maybe you can try a layered virtual. I am not a big fan of using layered virtuals since they add an extra layer of complexity when troubleshooting.

 

Traffic would flow like this:

vIP_1 >> iRule manipulates payload >> passes ASM >> vIP_2 >> iRule manipulates payload back >> backend server

 

Here are some steps for guidance.

K13315545: Configuring a BIG-IP ASM virtual server to protect a BIG-IP APM login page with brute for...

In this approach you can also combine iRules and LTM Traffic Policies.