Bypass "Bad unescape" in Body POST (ASM, POST, JSON)
Here the Block. As you can see is "%" is detected without encoding meaning. This is normal since the "%" is in the Body of the post as JSON data (see below) Of course if I disable the "Bad unescape" in " Learning and Blocking Settings" it works, but my Goal is to bypass using rule on parameter or similar, till now without success. Does anyone have a solution ? ======= JSON on POST Dody Request =======================
Https monitor- POST
Hi, Could you help to get the https monitor set up using POST-username & password to check the availability of the app. Here is the info to be sent: Request Type – POST Body Request – { "customerId": "123456", "itemId": "67894", "suppressError": "1" } UserId: username password: p@ssword Expected result will be pass. Will appreciated if this could be sorted at the earliest. Thanks -MKFind the REAL POST Payload ...
Hey experts! If I needed to find the actual payload of a POST, and not any of the embedded headers, I am currently finding the content, 3 characters after the end of the 'Content-Type:' header. In the bits before the payload, I am extracting the filename, and ultimately creating a new content length value. Please tell me there's a less buttugly way to do this (which would also not get broken when some silly client messes with the header order...?? set delimit[string first -nocase "Content-Type:" [HTTP::payload]] incr delimit [string first "\n" [string range [HTTP::payload] $delimit end]] incr delimit 3 set headerz[string range [HTTP::payload] 0 $delimit] set filename [findstr $headerz {filename} 10 {"}] log local0."--Filename: $filename" set payloadz [string range [HTTP::payload] $delimit end] set lengthz [string length $payloadz] log local0."---Payload: $payloadz" Thanks Jan
Help with SOAP Monitor
I am attempting to use the built-in SOAP monitor on an LTM with 10.2.4. I have made several attempts, but no success yet. Any help or advice would be much appreciated! One of the biggest issues I have is how to I validate that the customer has given me a legitimate POST request and that I'm getting back the result they say I should? They claim to have verified using SOAP-UI, and tell me that this request should work but so far my pool members all fail this monitor. Admittedly, I have very little SOAP knowledge and so I'm having trouble deconstructing the SOAP POST request the customer has provided me, with what I need to put in the fields of the monitor. Can someone help me identify what components of this request need to be included in my SOAP monitor fields and what goes where?
HTTPS Monitor with POST request
Hello all i have a pool containing 4 members from 2 physical nodes on 2 different ports: Ex: 10.10.10.44:9443 10.10.10.44:9444 10.10.10.45:9443 10.10.10.45:9444 I need to create a new HTTPS Monitor to check the health of each pool members (All have the same URI to for the same Application) The Dev Team provided us with the following Health Check Request for a Login request: https://10.10.10.44:9443/R13-Live/servlet/BrowserServlet?&method=POST&command=login&signOnName=INPUTT&password=123456&requestType=CREATE.SESSION&counter=0 When i do a "Curl -k (URL)" of the above link, I can see that the page loads properly on the CLI and i receive a "200 OK" response, which I am using as a "receive string" value for now. When I try to do the same in the HTTPS Monitor configuration, as per the following two tests, it was not working at all, Monitor stays down Test 1: (HTTP 1.1) GET /R13-Live/servlet/BrowserServlet?&method=POST&command=login&signOnName=INPUTT&password=123456&requestType=CREATE.SESSION&counter=0 HTTP/1.1\r\nHost: app.test\r\nConnection: Close\r\n\r\n Test 2: (HTTP 1.0) GET /R13-Live/servlet/BrowserServlet?&method=POST&command=login&signOnName=INPUTT&password=123456&requestType=CREATE.SESSION&counter=0\r\n Working Test: when i try only the Main URL Part, it is working: GET /R13-Live/servlet/BrowserServlet\r\n How should i create my Send Request with the provided Link, as i think the POST method in it is creating the issue Thanks, Regards,
iRule to send violation data to a remote end point
Hi Guys, Using an iRule, can I send ASM data collected to a remote end point? I want to send the violation data I am capturing to an API. This would allow us to inject suitable responses back in to our custom applications when events such as malicious file uploads occur. Thank youiRule to change HTTP GET into POST
i have an incoming GET request on my virtual server which i want to change into a POST request towards the node. in princple this would mean: change the word GET into POST change the uri to remove the query part put the query string in the content add a Content-Length header possibly add a Content-Type header but im getting stuck with turning the word GET into POST, this doesnt work: HTTP::method "POST" (error: [wrong args]), same with HTTP::request. i found this irule https://devcentral.f5.com/wiki/iRules.HTTP_mothod_conversion.ashx but it feels quite a lot of work and might not work looking at the comment. is this really so complicated or am i missing something?
Downstream LTM error processing POST proxied from upstream LTM
Strange error encountered. We have a traffic flow that goes: Browser -> LTM1 -> LTM2 -> pool of WebLogic servers We sporadically encounter timeouts on POST requests - tcpdump shows that the POST request makes it to LTM2, and LTM2 initiates a connection to a selected real server, but the POST operation does not complete, and eventually the WebLogic server times out the connection (with an error saying it can't parse the POST content; and the timeout occurs per a "POST read timeout" setting in WebLogic). Detailed iRule logging shows that when this occurs, LTM2 is unable to read the POSTed content ... when I do an HTTP::collect in an HTTP_REQUEST event, it fails to trigger an HTTP_REQUEST_DATA event. Everything appears correct - the Content-Length header is accurate, the POSTed content (per tcpdump) appears to be correct, the same as was received at LTM1, etc. But LTM2 simply doesn't read the content (apparently). There are no logged errors that I can find in the LTM log or anywhere else. Through sheer luck, I stumbled across a workaround - if I do an HTTP::collect in HTTP_REQUEST on LTM1, followed by an HTTP::release in HTTP_REQUEST_DATA ... it magically fixes LTM2's problem. Completely repeatable, take out the iRule on LTM1, the problem begins occurring again; put it in, and the problem goes away, and LTM2 is able to do a successful HTTP::collect/HTTP_REQUEST_DATA sequence. I have a case open with support, but they didn't have any feedback on it to this point. Has anyone encountered a similar situation? We're ok with leaving in this iRule-based fix, but would prefer not to have such a workaround in use. Details on the environment: LTM2 and LTM2 are both at 11.5.2, no hotfixes Both VIPs are SSL ones (though I converted LTM2's VIP to non-SSL, and it didn't change anything) LTM1 is using an Oracle OAM authentication integration via APM (though the OAM processing all occurs cleanly without error, per all logs on LTM1 and the OAM servers); LTM2 doesn't have APM LTM2 does a straight HTTP, non-SSL, connection to the WebLogic servers SNAT pools are in use on both LTM1 and LTM2 OneConnect is used throughout (though turning it off on either LTM1, LTM2 or both had no effect) Caching is disabled on both LTM1 and LTM2 Compression is enabled on both LTM1 and LTM2 (though turning it off on either LTM1 or LTM2 had no effect) Anecdotally, the problem may have gotten worse after we put a firewall between LTM2 and the WebLogic servers; but the firewall processing all looks completely clean, and it's not doing any HTTP inspection, just doing simple IP-based ACLs. Cisco ASA 5585 fw When the F5s are removed from the dataflow, and the browser goes directly to the WebLogic servers, the error does not occur Any thoughts?
