Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Send a POST API Request via iRule

Aantat
Cirrus
Cirrus

‎16-Jan-2023 02:07 - edited ‎16-Jan-2023 03:12

Hello team.

Help me please with sending a POST api request via iRule. What I want is somethink like this:

 

 

 

when ASM_REQUEST_VIOLATION {
    *I don't know what command should be here* "POST /sample/post/json%0A HTTP/1.0\n
Host: test.com\n {Client_address: IP::client_addr}"
 }

 

 

or just:

 

when ASM_REQUEST_VIOLATION {
    *send via API to another host* "Client_address= IP::client_addr"
 }

 

So the main goal is send Client Address from Violation event to another host via API. Is it possible to do something like that?

Labels:
0 Kudos
9 REPLIES 9

xuwen
MVP
MVP

‎16-Jan-2023 22:45 - edited ‎16-Jan-2023 23:38

send POST method should use the iRules sideband method. The difficulty is whether your server POST does not require username, password or Token authentication about F5?

https://clouddocs.f5.com/api/irules/SIDEBAND.html 

firstly, F5 whether can ping NGFW and telnet NGFW 80(assume NGFW api service port is 80)?

secondly, if F5 can not telnet NGFW 80,  F5 need to add network route to NGFW, make sure F5 can telnet NGFW 80

here is the http post api code(NGFW api service mode does not work in https://xxxx mode), NGFW(example NGFW ip is 10.0.0.10, api service port is 80) with no authentication for POST 

 

 

 

when ASM_REQUEST_DONE priority 500 {
    set asm_ip [ASM::client_ip]
    set asm_json "\{\"Client_address\":$asm_ip\}"
    set content_length [string length $asm_json]
    set data "POST /sample/post/json HTTP/1.0\r\nHost: test.com\r\nContent-type: application/json\r\nContent-Length: ${content_length}\r\n\r\n${asm_json}"
    if { [catch {connect -time 1000 -idle 30 -status conn_status 10.0.0.10:80} conn_id] == 0 && $conn_id ne "" } {
        log local0. "Connect returns: $conn_id and conn status: $conn_status"
        set send_bytes [send -timeout 1000 -status send_status $conn_id $data]
        log local0. "Sent $send_bytes with status $send_status"
        close $conn_id
        return
    } else {
        log local0. "Connection could not be established to NGFW"
        return
    }
}

 

 

 

Juergen_Mang
MVP
MVP

‎17-Jan-2023 01:45

To send http requests with iRules, I always use this:

https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-C...

It works like a charme and handles all the http parts for you.

CA_Valli
MVP
MVP
In response to Juergen_Mang

‎17-Jan-2023 08:55

I agree with the other MVP's here, sideband works like a charm - just yesterday I was deploying a new service that needs to trigger an API connection to an external database to retrieve some info that I use to distribute the packet, and I'm using sideband for that.

boneyard
MVP
MVP

‎29-Jan-2023 03:16

Where you able to get something working @Aantat ?

0 Kudos

Aantat
Cirrus
Cirrus
In response to boneyard

‎31-Jan-2023 03:29

Hi @boneyard.

Unfortunately I didn't

0 Kudos

boneyard
MVP
MVP
In response to Aantat

‎31-Jan-2023 10:06

as in, no time. or didn't work?

0 Kudos

Aantat
Cirrus
Cirrus
In response to boneyard

‎27-Feb-2023 02:08

Didn't worked.

0 Kudos

boneyard
MVP
MVP
In response to Aantat

‎12-Mar-2023 04:52

can you share the code you tried?

0 Kudos

Aantat
Cirrus
Cirrus
In response to boneyard

‎07-Apr-2023 03:29

Hi

I've faced the problem with getting cookies from the second system where I send the request. I have to get new cookies every time and it's making it very difficult

0 Kudos
Copyright © 2023 Khoros, LLC