iRule to replace content of the location header on HTTP Responses
I'm trying to create an iRule that will detect if a web server is sending it's private IP address in the location header on it's responses. The logic is to read the location header in the responses, detect if the private IP addresses of the servers are included on them and replace the content of the location header to the website's URL, leaving everything else intact. This is the initial code I came up with. Should this work? Any better suggestions? when HTTP_RESPONSE { if { ( [HTTP::header Location] contains "10.0.0.11" ) || ( [HTTP::header Location] contains "10.0.0.12" ) } { [HTTP::header Location] replace "www.mywebsite.com" } }
when HTTP_REQUEST_DATA not working
Hello folks, I have a POC I'm testing out. The idea is a web user does a HTTP POST with token that matches a value in a data group. If it matches it will connect them to the pool. I am running into trouble with HTTP_REQUEST_DATA not firing. I've done some debugging by placing log statements within my many IF clauses. Running LTM 11.5.1 HF4 when CLIENT_ACCEPTED { set usertoken "1" } end of CLIENT_ACCEPTED when HTTP_REQUEST_DATA { log local0. "HITTING http-request-data clause" foreach x [split [string tolower [HTTP::payload]] "&"] { if { $x starts_with "token=" } { set usertoken [lindex [split $x "="] 1] } } log local0. "User $usertoken attempted login from [IP::client_addr]:[TCP::client_port]" } end of HTTP_REQUEST_DATA when HTTP_REQUEST { set MasterToken [class match -value "num" equals data_POC ] if { ([IP::addr [IP::client_addr] equals "10.255.255.4/32"]) }{ Admin Page displayed based on source IP HTTP::respond 200 content "Token is $MasterToken" log local0. "HITTING 10.30.0.0 clause" } else { Check if request is a POST if { ([string tolower [HTTP::method]] eq "post" ) } { log local0. "HItting post clause" check content length is less than a 1Mb, or capture 1Mb only if { ([HTTP::header "Content-Length"] ne "") && ([HTTP::header "Content-Length"] <= 1048576)}{ log local0. "hitting content-length clause" set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } Check if $content_length is not set to 0 if { $content_length > 0} { log local0. "HITTING http-collect clause" HTTP::collect this fires the HTTP_REQUEST_DATA event } Check if $gloabal_usertoken and $MAsterToken match if { ($usertoken eq $MasterToken) }{ MATCH page HTTP::respond 200 content " MATCH $usertoken and $MasterToken " } else { NO match page HTTP::respond 200 content " NO MATCH $usertoken and $MasterToken " } NO POST data } else { HTTP::respond 200 content [ifile get "iFile_TokenPage"] } } } end of HTTP_REQUEST usertoken = dynamic variable that gets set in HTTP_REQUEST_DATA based on the POST field=token and it's value, and read in HTTP_REQUEST where it is compared to the Data Group value. Interesting enough the client logic is making it to HTTP::collect Jun 10 17:09:01 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HItting post clause Jun 10 17:09:01 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : hitting content-length clause Jun 10 17:09:01 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HITTING http-collect clause Jun 10 17:09:02 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HItting post clause Jun 10 17:09:02 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : hitting content-length clause Jun 10 17:09:02 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HITTING http-collect clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HItting post clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : hitting content-length clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HITTING http-collect clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HItting post clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : hitting content-length clause Jun 10 17:09:03 deltm02 info tmm3[10524]: Rule /Common/irule_tokenPage : HITTING http-collect clause Lastly here is the iFile_TokenPage just incase Any help would be greatly appreciated.
Differentiating the connections based on headers || HTTP Profile
Hi, I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users. They want to have something like http profile = abc.com_external implies external user http profile = abc.com_internal implies internal user Now, below is the traffic flow for both scenarios, External End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers Internal End user >>>> Internal BIGIP >>> Backend Servers So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header. Not sure if this could be achievable but would be great if you could provide some help and thoughts. Br, MSK
remove HTTP header based on its value
Lets say I have a client sending multiple headers with same name but different values. How can i remove just one of these headers if it's value is equal to something i'm looking for? For example: GET / HTTP/1.1 Test: a Test: b Test: c Test: d how can I remove just "Test: c" ? Thanks in advanced
BIG-IP : header added timestamp
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi For the case where multiple identical headers (e.g. X-FORWARDED-FOR) accumulate as a request passes through a series of entities ( e.g. clients, forward-proxies, CDNs, reverse-proxies, & servers ) : X-FORWARDED-FOR 10.10.20.1 X-FORWARDED-FOR 199.16.144.5 X-FORWARDED-FOR 204.15.0.249 Does the request include timestamp data for each header added ? If BIG-IP adds a header , does it record the timestamp somewhere ?BIG-IP add custom header
F5 BIG-IP LTM VE v11.4.0 on ESXi I want to add a custom header to my request before rewriting to a backend server : when HTTP_REQUEST { HTTP::header insert uri-original [HTTP::uri] ... HTTP::uri $rewrite_uri pool backend-pool-01 } However my tests do not show this header present. Am I adding the header correctly ? What are the rules around retaining added headers ? How can I log all headers present in my request ? UPDATE ( 2014-11-29 ) : For case where iRule is assigned to a virtual-server with an http profile, I verified above TCL does add header as expected. However, for https case, adding the header writes errors to the f5 logs : Nov 14 22:03:03 f5-01 err bigd[6134]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure. Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"
How can I reorder HTTP headers?
I want to insert an HTTP header into the current list of HTTP headers, but I need it to be the first HTTP header in the list, before the Host, Content-Type and Content-Length. Using the standard HTTP::header insert, puts it at the. Since there are no commands to insert it into a specific spot, I figure I need to create a variable with each HTTP::header name=value pair and then delete them all, then start adding one by one starting with my custom one. Either way, I have been trying foreach loops and while loops and can't figure out how to use a dynamic variable that increments as I iterate through the number of inbound HTTP headers. I'm currently trying something like this: set y 0 set hc [HTTP::header count] while {$y <= $hc} { log local0. "y=$y" set v "v-$y" log local0. "v=$v" set na "[HTTP::header at $y]" set va "[HTTP::header value $na]" log local0. "na=$na va=$va" set $v "$na $va" log local0. "v=$v" incr y } I'm sure I'm missing some tcl savvy so I'll take any suggestions you have.
BIG-IP : iRule fails to find cookie
In Google Advanced REST Client , I send my GET request with headers : Cookie: special=1 My iRule has the following code : when HTTP_REQUEST { set cookie_special [HTTP::cookie value "special"] log local0. "cookie_special = $cookie_special" This logs as : cookie_special = So apparently F5 is not finding a cookie named "special". How can I further diagnose this issue ?
How to use literals starting with "$" in iRule
Hi, I need to pass client certificate to WebSphere so the application can perform SSL based authentication. I following this article https://support.f5.com/csp/article/K95338243 However in WebSphere App Server the headed for client certificate is $WSCC. But if I code iRule like this when HTTP_REQUEST { HTTP::header insert $WSCC [b64encode [SSL::cert 0]] } $WSCC is treated as a variable WCSS and the rule is broken How do I get around this issue? Thanks Genna