cancel
Showing results for 
Search instead for 
Did you mean: 

Remove values in the payload

Louis27
Nimbostratus
Nimbostratus

Hello, I am new to the F5 iRules.

I need to remove all the values of '<pan>' in the 'HTTP::payload', either remove all the tags '<pan>' too.
The structure is as below.  This '<pan>' can exsit one or more times in the 'HTTP::payload'.

I am wondering if there is 'regex map' like 'string map' to do that?

If anyone can help, i really appreciate it.

Louis

 

 

 

<card>
   <expDate>[string]</expDate>
   <pan>
        <plainPan>[string?]</plainPan>
    </pan>
</card>
<card>
    <expDate>[string]</expDate>
     <pan>
         <plainPan>[string?]</plainPan>
     </pan>
</card>

 

 

 

 

6 REPLIES 6

JRahm
Community Manager
Community Manager

I'm not sure I follow exactly, are you trying to do this:

 

<card>
   <expDate>[string]</expDate>
        <plainPan>[string?]</plainPan>
</card>
<card>
    <expDate>[string]</expDate>
         <plainPan>[string?]</plainPan>
</card>

 

or this:

 

<card>
   <expDate>[string]</expDate>
</card>
<card>
    <expDate>[string]</expDate>
</card>

 

If the first, you can do that with a simple stream profile:

ltm profile stream pan_test_stream {
    app-service none
    defaults-from stream
    target "@<pan>@@ @</pan>@@"
}

If the latter, an html content profile should work, but I haven't done that before. Something to look into before thinking about regex.

 

Hello JRahm,  Thanks for your response. 

What I want to do is the second one as you mentioned. 
I have tried 'html content' with this article https://support.f5.com/csp/article/K99872325, it doesn't work. It seems that 'html content profile' is only for modify HTML content sent in responses from the back-end servers. 

What I want is to modify the request . Do you have any suggestion about  that?

By the way, the request is in the format xml SOAP as below:

 

<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
    <Body>
            <cardsData>
                <card>
                    <expDate>[string]</expDate>
                    <pan>
                        <plainPan>[string?]</plainPan>
                    </pan>
                </card>
                <card>
                    <expDate>[string]</expDate>
                    <pan>
                        <plainPan>[string?]</plainPan>
                    </pan>
                </card>
               can exist serveral cards
    </Body>
</Envelope>

 

Thank you in advance.

JRahm
Community Manager
Community Manager

Yeah, I found that out myself on the HTML profile, couldn't get it to work on request traffic. What's your virtual server setup look like regarding profiles? Might need to do some payload manipulation in iRules.

JRahm
Community Manager
Community Manager

Try this stream profile on your virtual server:

ltm profile stream pantest_stream {
    app-service none
    chunking enabled
    defaults-from stream
    target @<pan>(.*\?)<\\/pan>@@
}

My test request on the clientside of BIG-IP:

stream_1.png

And on the server-side:

stream_2.png

Ignore the card(n) and string(n)...I added those while troubleshooting my failed attempts! 🙂

Hello, JRahm Thanks again for your reponse, you are so warm hearted.

I didn't find the way your created stream.

 

ltm profile stream pantest_stream {
    app-service none
    chunking enabled
    defaults-from stream
    target @<pan>(.*\?)<\\/pan>@@
}

 

I've tried my side with graphic configuration stream as below:

source I put '<pan>(.*\?)<\\/pan>', and nothing for target. chunk deactivated.

Louis27_0-1655218468661.png

and then activate this stream profile dans virtuel server like this:

Louis27_1-1655218550443.png

After that I checked the data receieved on the server side, it doesn't change anything. There is still 'pan'. Do I miss anything?

Louis27_2-1655219778287.png

PS: 'plainPanRemoved' is done by our app to remove sensitive data.

I also tried with iRules,  the back-end throws directly 'Error reading XMLStreamReader'.

 

when HTTP_REQUEST {
	# Verify Content-length, POST, URI
    if { [HTTP::header exists Content-length] and [HTTP::method] equals "POST" and [string tolower [HTTP::uri]] contains "/endPointName"}{
	
		# Verify if the request is CreateWalletReq 
		if { [HTTP::payload] contains "<CreateWalletReq"} {        
		
	   # Remove PAN
            STREAM::expression {@<pan>(.*\?)<\\/pan>@@}
	    STREAM::enable

		}
	}
}


when HTTP_RESPONSE {
    STREAM::disable
}

 


Thanks again.

 

 

 

 

JRahm
Community Manager
Community Manager

If entering the string in the GUI, you shouldn't need the additional backslash, it should just be:

 

@<pan>(.*\?)<\/pan>@@

 

 If you are NOT needing the plainPan tags (and enclosed content) removed, then this is not what you want. You will likely just want:

 

@<pan>@@ @<\/pan>@@