http profile
26 Topics

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule (unfinished)
Hi, everyone in DevCentral: I am currently using iRules to simulate the basic functions of an http profile. With this set of scripts, you can achieve similar functionality without needing to mount an http profile on Virtual Server. This set of scripts is only for learning iRules, HTTP, TCP, and related knowledge, and must not be used in a production environment. If there is a need for HTTP protocol parsing, please use the http profile. The current functions are not yet complete; additional features will be added later. Anyone interested is welcome to provide suggestions.

GitHub - lfptss/http_protocol_parser · GitHub

249 Views, 1 like, 3 Comments

HTTP Profile troubleshoot
HTTP profile is enforcing RFC. How can I see logs of the exact violation and block? For example, if a RST is sent due to RFC violation, I could activate BIG-IP system to log TCP RST packets (https://my.f5.com/manage/s/article/K13223), but then I only see a general error like "F5RST: Malformed HTTP header error". How can I log the actual error? For example: duplicate Transfer-Encoding header

258 Views, 1 like, 6 Comments

BIG-IP : http profile : insert x-forwarded-for : enabled
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

HTTP Profile Insert X-Forwarded-For : Enabled

Suppose the client has already added the "X-Forwarded-For" header value to the request. How will BIG-IP behave? Will it leave the existing header value intact? Or will it overwrite the value with what it believes to be the request client ip?

Further, at what point in request-processing does the insert/replace header operation occur? Does it occur before iRule processing so that the header value is available within the iRule event processing `when HTTP_REQUEST {}`?

1K Views, 0 likes, 7 Comments

BIG-IP : http profile : insert multiple headers
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

Via the web-admin, I can create/edit an http profile and set this field: Request Header Insert = "X-Forwarded-Proto:http"

But what if I want to insert multiple headers? What is the syntax?

Further, does Request Header Insert erase any pre-existing request headers?

Also, I set Insert X-Forwarded-For to Enabled but logs do not show header X-Forwarded-For to be present.

1.5K Views, 0 likes, 8 Comments

BIG-IP : HTTP Profile Insert X-Forwarded-For Enabled but not found in request headers collection
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

For a Virtual-Server assigned an HTTP Profile configured with: Insert X-Forwarded-For Enabled, under what circumstances would the header not be inserted?

My iRule logs:

```
when HTTP_REQUEST {
    # Log the X-Forwarded-For value as seen by the iRule
    log local0. "X-Forwarded-For header = [HTTP::header X-Forwarded-For]"
}
```

indicate header is not present -- here is log output:

```
X-Forwarded-For header =
```

Could disabling HTTP_REQUEST event at end of iRule affect HTTP Profile ability to add the header?

444 Views, 0 likes, 2 Comments

Attaching w3c iRule to VS
Hi, I'm in the midst of preparation to attach w3c iRule to all the VS in my internet facing BIGIP. I would be attaching to all the VS with http profile. But just wondering, if there would be any impact on the configuration (or change in Properties of VS) when I attach the iRule in question to the VS. Please confirm.

Thanks, MSK

232 Views, 0 likes, 1 Comment

Differentiating the connections based on headers || HTTP Profile
Hi, I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users. They want to have something like

http profile = abc.com_external implies external user
http profile = abc.com_internal implies internal user

Now, below is the traffic flow for both scenarios,

External End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers
Internal End user >>>> Internal BIGIP >>> Backend Servers

So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header. Not sure if this could be achievable but would be great if you could provide some help and thoughts.

Br, MSK

347 Views, 0 likes, 1 Comment

Apply Persistence Cookie on iRule (multi pool)
Hello, We use the below iRule to LB to multiple pools depending on URI:

```
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if { $uri starts_with "/content" } {
        pool Pool_CRM81_Content_80
    } elseif { $uri starts_with "/ecommunications_ccfra" } {
        pool Pool_CRM81_ccfra
    } else {
        drop
    }
}
```

We'd like to apply persistence cookie for Pool_CRM81_ccfra only. Trying to add command "persist cookie" failed, can you give advice please? Thank you in advance

358 Views, 0 likes, 1 Comment

APM Returning "Big IP" in Server field, but need to hide that information.
I have one of my customers running through APM for some SAML authentication. One of their concerns is that when inspecting some headers the Server field is populated with "Big IP", while the customer would prefer another layer of security through obfuscation. It appears that the "Server: Big IP" field is being populated after the 302 redirect from APM when /my.policy is served. Is it possible to hide this field? Due to it being in APM I believe I will need this statement:

```
when CLIENT_ACCEPTED {
    # to get access to restricted URIs
    ACCESS::restrict_irule_events disable
}
```

However, in the iRule, is there a way to tell the BigIP to return a different, or no, value in the Server field? Is there a way to do it in the HTTP profile maybe? Thanks.

351 Views, 0 likes, 1 Comment

Device not outputting HTTP Header error into syslog?
I have a production BIG-IP running v15.1.0.4 that is showing unexpected behaviour on a certain LTM error code. I was trying to troubleshoot some connectivity errors and it turned out that the client was sending an oversize HTTP Request header which was greater than the byte limit set in the HTTP "Max header size" value. Normally we would expect to see error code 011f0005 "HTTP header (xxx) exceeded maximum allowed size of 32768" but in this case nothing was observed. A different request with more than the maximum *number* of headers did trigger the separate event "011f0011:3: HTTP header count exceeded maximum allowed count", so the LTM logging is working fine for other codes, just not the header size one.

I've compared the same requests on a different F5 pair running the same software version that front a test version of the website affected, and the log entry is being output to syslog as expected, so it seems specific to this production device pair. Is there any way to check lower level logging settings or compare sys db flags between these two pairs so I can try and work out why the error didn't log as expected? Thought it was worth an ask on here prior to raising a support ticket.

Many thanks, Dan

563 Views, 0 likes, 1 Comment