30-Oct-2012 08:31
We are looking to re-direct Microsoft Network Connect Service queries (http://www.msftncsi.com/ncsi.txt) to a virtual server, and serve up the string ourselves via an F5 iRule or other method.
The text file contains the following line:
Microsoft NCSI
Is this possible? We are exceeding our Websense License count by this simple connect script, as computers which are not used to connect to the internet still run up our license count by connecting to this website.
Thanks,
Mark
30-Oct-2012 08:53
What springs to mind... if you've got v11.1, of course, is iFiles. You could import the ncsi.txt file and set an iRule to reference this when it receives an HTTP request for msftncsi.com.
Hope this helps,
Nathan
30-Oct-2012 08:55
30-Oct-2012 08:59 - last edited on 01-Jun-2023 13:18 by JimmyPackets
Here you go;
    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] ends_with "ncsi.txt" } {
            HTTP::respond 200 content "Microsoft NCSI"
        }
    }
--Corrected as directed below
23-Nov-2022 06:05
Where should we define this file?
ncsi.txt
30-Oct-2012 09:40 - last edited on 01-Jun-2023 13:18 by JimmyPackets
    [root@ve10:Active] config b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
          if { [string tolower [HTTP::path]] ends_with "ncsi.txt" } {
             HTTP::respond 200 content "Microsoft NCSI" noserver Content-Type "text/html" Connection "Close"
          }
       }
    }
    [root@ve10:Active] config curl -i http://172.28.19.79/ncsi.txt
    HTTP/1.0 200 OK
    Content-Type: text/html
    Connection: close
    Content-Length: 14

    Microsoft NCSI
30-Oct-2012 09:49
Anyways, so you can manage for all HTTP traffic from these clients to come to your F5s? How do you do that? F5 LTM is the gateway?
In order to use an iRule like suggested, you would need a virtual server listening on an IP that those clients would connect to... You could try and just make that IP the actual Microsoft IP address. Is there only one? What if it changes?
If you can control the clients, it might be simpler to update their /etc/hosts to point the DNS name to loopback.
30-Oct-2012 09:53
Thanks,
Mohamed.
30-Oct-2012 09:54
30-Oct-2012 09:57
Thanks Steve / nitass - a lesson learned on keeping things simple 😉
N
30-Oct-2012 10:29
I can't segregate traffic based on ip - the desktop domain is one big DHCP VLAN. I can however answer a DNS call with an IP of my choosing, which is far simpler in my situation.
This part is precisely what I was looking to do:
    rule myrule {
       when HTTP_REQUEST {
          if { [string tolower [HTTP::path]] ends_with "ncsi.txt" } {
             HTTP::respond 200 content "Microsoft NCSI" noserver Content-Type "text/html" Connection "Close"
          }
       }
    }
I tried this a dozen different ways which didn't work, but never with the "text/html" field. I'll plug this one in shortly, and verify results.
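An added example, not code from any poster in this thread: once DNS for the NCSI name is answered with the virtual server's address, the virtual server receives whatever clients send to that name, and `ends_with "ncsi.txt"` answers any path with that suffix on any Host. The variant below answers only the exact host and path from the URL in the first post; the 404 for everything else and the log line are assumptions about how unexpected requests should be handled.

```tcl
when HTTP_REQUEST {
    # The Host header may carry a port ("www.msftncsi.com:80"); compare the name only.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set path [string tolower [HTTP::path]]

    # Answer only the exact probe from the thread: http://www.msftncsi.com/ncsi.txt
    if { $host eq "www.msftncsi.com" && $path eq "/ncsi.txt" } {
        # Same body and headers as the rule posted above (14-byte body, no trailing newline).
        HTTP::respond 200 content "Microsoft NCSI" noserver Content-Type "text/html" Connection "Close"
        return
    }

    # Assumption: nothing else should be served by this virtual server.
    # Log the request so unexpected clients or paths are visible, then refuse it
    # locally instead of passing it to a pool.
    log local0. "NCSI responder: unexpected request from [IP::client_addr] for $host$path"
    HTTP::respond 404 content "" noserver Connection "Close"
}
```

The `curl -i` check shown earlier in the thread still applies; add `-H "Host: www.msftncsi.com"` when testing against the virtual server's IP, since a request without that Host now gets the 404.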