Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Send a POST API Request via iRule

Aantat
Cirrus
Cirrus

Hello team.

Help me please with sending a POST api request via iRule. What I want is somethink like this:

 

 

 

when ASM_REQUEST_VIOLATION {
    *I don't know what command should be here* "POST /sample/post/json%0A HTTP/1.0\n
Host: test.com\n {Client_address: IP::client_addr}"
 }

 

 

or just:

 

when ASM_REQUEST_VIOLATION {
    *send via API to another host* "Client_address= IP::client_addr"
 }

 

So the main goal is send Client Address from Violation event to another host via API. Is it possible to do something like that?

9 REPLIES 9

xuwen
MVP
MVP

send POST method should use the iRules sideband method. The difficulty is whether your server POST does not require username, password or Token authentication about F5?

https://clouddocs.f5.com/api/irules/SIDEBAND.html 

firstly, F5 whether can ping NGFW and telnet NGFW 80(assume NGFW api service port is 80)?

secondly, if F5 can not telnet NGFW 80,  F5 need to add network route to NGFW, make sure F5 can telnet NGFW 80

here is the http post api code(NGFW api service mode does not work in https://xxxx mode), NGFW(example NGFW ip is 10.0.0.10, api service port is 80) with no authentication for POST 

 

 

 

when ASM_REQUEST_DONE priority 500 {
    set asm_ip [ASM::client_ip]
    set asm_json "\{\"Client_address\":$asm_ip\}"
    set content_length [string length $asm_json]
    set data "POST /sample/post/json HTTP/1.0\r\nHost: test.com\r\nContent-type: application/json\r\nContent-Length: ${content_length}\r\n\r\n${asm_json}"
    if { [catch {connect -time 1000 -idle 30 -status conn_status 10.0.0.10:80} conn_id] == 0 && $conn_id ne "" } {
        log local0. "Connect returns: $conn_id and conn status: $conn_status"
        set send_bytes [send -timeout 1000 -status send_status $conn_id $data]
        log local0. "Sent $send_bytes with status $send_status"
        close $conn_id
        return
    } else {
        log local0. "Connection could not be established to NGFW"
        return
    }
}

 

 

 

To send http requests with iRules, I always use this:

https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-C...

It works like a charme and handles all the http parts for you.

I agree with the other MVP's here, sideband works like a charm - just yesterday I was deploying a new service that needs to trigger an API connection to an external database to retrieve some info that I use to distribute the packet, and I'm using sideband for that.

boneyard
MVP
MVP

Where you able to get something working @Aantat ?

Hi @boneyard.

Unfortunately I didn't

as in, no time. or didn't work?

Didn't worked.

can you share the code you tried?

Hi

I've faced the problem with getting cookies from the second system where I send the request. I have to get new cookies every time and it's making it very difficult