The HTTP_REQUEST event is triggered when the HTTP headers in the request are parsed. If the request doesn't contain valid HTTP, the event won't be triggered. Events following HTTP_REQUEST will not be triggered either.
To validate the request is HTTP as you're intending, you'd need to trigger the collection of the TCP payload in CLIENT_ACCEPTED and look for a string like HTTP (as in the HTTP in 'GET / HTTP/1.0') once the data is collected in CLIENT_DATA.
If you wanted to pass non-HTTP traffic through the VIP, you would want to disable the HTTP profile after determining it's not HTTP in the CLIENT_DATA event.
Enforcing the HTTP method used against a list of allowed methods is a good step towards validating HTTP requests. As a step towards tighter security, you might want to remove PUT, DELETE, CONNECT, TRACE and OPTIONS unless the application specifically requires their use.
Here is an (untested) example of the above steps:
when RULE_INIT {
   # Log debug to /var/log/ltm? 1=yes, 0=no.
   set ::http_debug 1
}
when CLIENT_ACCEPTED {
   if { $::http_debug } { log local0. "[IP::client_addr]:[TCP::client_port]: Collecting data" }
   # Trigger the collection of at least 15 bytes of data.
   TCP::collect 15
}
when CLIENT_DATA {
   # Log the collected data.
   if { $::http_debug } { log local0. "[IP::client_addr]:[TCP::client_port]: collected payload ([TCP::payload length]): [TCP::payload]" }
   # Check if the collected payload doesn't contain HTTP.
   if { not ([TCP::payload] contains "HTTP") } {
      # Disable the HTTP profile as this doesn't appear to be HTTP.
      HTTP::disable
      # Forward request? Else, it will be sent to the VIP's default pool.
      if { $::http_debug } { log local0. "[IP::client_addr]:[TCP::client_port]: Releasing. We collected this much data: [TCP::payload length]" }
      # Release the collected payload (outside the debug check so it always happens).
      TCP::release
      # Stop processing the rule for this connection.
      return
   }
   # Payload looks like HTTP: release it so the HTTP profile can parse the request.
   TCP::release
}
when HTTP_REQUEST {
   # This event will only be triggered if the HTTP profile is enabled.
   if { $::http_debug } { log local0. "[IP::client_addr]:[TCP::client_port]: request was parsed as HTTP" }
   # Perform validation of HTTP method?
}
You can check the iRule wiki for details on the various commands (Click here).
Aaron
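The post leaves the HTTP_REQUEST method check as a placeholder. The following iRule is an added example (not Aaron's code) that fills in that step with an allow-list, so anything other than GET, HEAD and POST is answered with a 405 and logged. It assumes the `static::` variable namespace is available on the BIG-IP version in use (the post uses global `::` variables instead); the allowed-method list is a constructed value to be adjusted to what the application actually needs.

```tcl
when RULE_INIT {
   # Constructed allow-list; add methods only if the application needs them.
   set static::allowed_methods [list "GET" "HEAD" "POST"]
}
when HTTP_REQUEST {
   # Normalise the method once, then compare it exactly (no glob matching).
   set method [string toupper [HTTP::method]]
   if { [lsearch -exact $static::allowed_methods $method] == -1 } {
      # Record the rejection for detection/triage before responding.
      log local0. "[IP::client_addr]:[TCP::client_port]: rejected method \"$method\" for [HTTP::host][HTTP::uri]"
      # Reject with 405, advertise the allowed methods, and close the connection.
      HTTP::respond 405 content "Method Not Allowed" "Allow" [join $static::allowed_methods ", "] "Connection" "close"
      return
   }
}
```

`lsearch -exact` is used rather than the default glob matching so that a method string cannot accidentally match a pattern, and the allow-list is built in RULE_INIT so it is evaluated once rather than on every request.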