Nimbostratus
Nimbostratus
I did some modification on the iRule provided earlier to check only on header size is larger than 65536 bytes else do nothing.
The reason is if http request length more than 10000 doesn't mean it's more than 32 or 64KB. Please correct me if I'm wrong.
Please advice on iRule below:
when HTTP_REQUEST {
set hlength [string length [HTTP::query]]
if { $hlength > 32768 } {
Check the total HTTP headers size
if {[string length [HTTP::request]] > 10000 }{
Check if the URI is very long
if {[string length [HTTP::uri]] > 1000}{
log local0. "Uri is long. Length [string length [HTTP::uri]], URI: [HTTP::uri]"
Exit this event from this iRule
return
}
Loop through the headers by name
foreach header {[HTTP::header names]} {
Check for a long header value
if {[string length [HTTP::header value $header]] > 1000 } {
log local0. "Header is long. Header Name: $header,\
Length: [string length [HTTP::header value $header]], Value: [HTTP::header value $header]"
Exit this event from this iRule
return
}
}
If we are still here the request was large, but not the URI or any single header.
Log the first 1k bytes of the full request
log local0. "Request is long: [HTTP::request]"
}
}
}
Thanks,
chiewming