Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

What irule event captures http::respond or 503 generated by the F5

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus

‎21-Jul-2022 23:00

Hi

 

I use irules to log requests and responses

problem is http::response and actions done by the F5 are not captured.

 

I have irule at  HTTP_RESPONSE_RELEASE and HTTP_RESPONSE

 

Neither fire, how can I do this ?

 

Labels:
1 ACCEPTED SOLUTION

Go to solution
PeteWhite
F5 Employee
F5 Employee

‎28-Jul-2022 04:32

If, for instance, there is an iRule which sends a response in the HTTP_REQUEST event then this will not fire the HTTP_RESPONSE event as you say ( because that fires for serverside responses ).

I don't know how to get around this other than to use the HTTP::has_responded command https://clouddocs.f5.com/api/irules/HTTP__has_responded.html and create a log if a response has been sent. 

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
StephanManthey
MVP
MVP

‎22-Jul-2022 02:27

Hi @AlexS_yb I just validated your observation with the following iRule under TMOS v15.1.6.1:

when HTTP_REQUEST {
  log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_host=\"[HTTP::host]\",http_path=\"[HTTP::path]\""
  HTTP::respond 200 content "hello world\r\n" noserver Connection Close
  return
}
when HTTP_RESPONSE {
  log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_status=\"[HTTP::status]\",server_header=\"[HTTP::header value Server]\""
}
when HTTP_RESPONSE_RELEASE {
  log local0. "irule=\"rule_respond_monitor\",virtual=\"[virtual name]\",http_status=\"[HTTP::status]\",server_header=\"[HTTP::header value Server]\""
}

You probably have to go down on TCP::payload or SSL::payload after firing TCP::collect or SSL::collect.

Another solution would be to cascade virtual servers. So the "frontend" virtual will just use the virtual statement to forward all traffic to the "backend" virtual. Now the iRule bound to the "frontend" virtual will capture the requested information.

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus
In response to StephanManthey

‎22-Jul-2022 04:28

Not sure tcp::collect will work as there is no data from the pool / server. If it generates from the F5 or is from http::respond

 

Its a bit annoying.

as

HTTP_RESPONSE

states 

Note: HTTP_RESPONSE is specific to a server response passing through the load balancer, and is not triggered for locally-generated responses (e.g. sent using the HTTP::respond command)

and 

HTTP_RESPONSE_RELEASE

An iRule event triggered when the system is about to release HTTP data on the clientside of the connection. This event is triggered after modules process the HTTP response.

 

I sort of read that as saying it gets all and it didn't sasy it doesn't get the http::respond ones

 

 

0 Kudos

Go to solution
PeteWhite
F5 Employee
F5 Employee

‎28-Jul-2022 04:32

If, for instance, there is an iRule which sends a response in the HTTP_REQUEST event then this will not fire the HTTP_RESPONSE event as you say ( because that fires for serverside responses ).

I don't know how to get around this other than to use the HTTP::has_responded command https://clouddocs.f5.com/api/irules/HTTP__has_responded.html and create a log if a response has been sent. 

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus
In response to PeteWhite

‎28-Jul-2022 13:17

Actually thats a pretty good way of doing it set priority really low and pick it up that way.

Hadn't thought of that.

 

I think its a bug, that it doesn't fire the other events.

0 Kudos
Copyright © 2023 Khoros, LLC