I have a client app that send JSON requests to the server pool. The requests are compressed with GZIP and I'm sending a Content-Encoding: gzip header. F5 doesn't seem to uncompress the responses - Policy Builder cannot recognize my JSON data and I get a lot of HTTP compliance errors due to ASM looking at the compressed body instread of uncompressing it. I couldn't find anything about uncompressing client requests (just an old, unanswered post from 2009). What am I missing? How can I configure ASM (or LTM) to uncompress the data before the policy is enforced?

Sorry but it's not clear what is being compressed (or not) here. Are the requests compressed or the responses? Are the real servers doing the compression? If so, I suspect you'll need to offload that task to the F5 which is no bad thing.

Avshalom Have you configured a JSON Content Profile and applied it to a Parameter/URL in the ASM policy? Think this only applies to v11, however. I wonder if this would help at all. Rgds N

Yeah - configured a JSON profile manually and applied to the URL of the service endpoint - I always get "Malformed JSON". When viewing the request, I see the compressed binary data. The JSON is definitley well-formed and passes lint tests. The only explanation I can see is that ASM is not uncompressing the GZIP in the request. I know it can compress/uncompress responses, but I haven't seen anywhere where I can configure it to uncompress requests Without this functionality, I will have to drop gzip compression, which will greatly impact my app's performance. It seems to defy logic that there isn't such a functionality... Thanks, Avshalom

The CLIENT compresses the REQUESTS sent to the server. right now, I don't care if the server will decompress or F5 - what I'm interseted in, is to apply my ASM policy (parameters, lengths, signatures, etc.) to the JSON payload coming from the CLIENT in the REQUSET. The problem is that the policy in ASM is not applied to the content bacause ASM only sees the gzip binary data and not the JSON text. Here is a sample REQUEST, as logged in ASM (header values modified a bit to protect customer info): POST /endpoint/service/?param1=AAADDD HTTP/1.1 Accept: application/json Content-type: application/json Content-Encoding: gzip User-Agent: CUSTOM Host: example.com:21499 Connection: Keep-Alive Content-Length: 12547 Y�Ɇ��Ȼ�|{��>,>6>M�)�ɖɦ��w�(R�UwvV553��bvfB�*o'2O��n�]�}>{wFB�sA�$�N��R��_��_��[��Շ5��b�ݮ~={��y��'�ۿ��fs�_%1(��nu��g��މA��vu;a��z�o7��7�ǳw��?��rs7|~��\߮ReplaceWith?��~� Fc0��?��4٘�z�V��TF9��bKƄ��e$�珛��g�AyE�� U!H��M�Ұ��p��_�<<~��<|~�/��\?>�] M��MW��pNAI�CpB�� ,�R��6t�vR��0�ߜ/�u�\|�l>ܮ_��p��ps

uncompress gzip REQUEST with JSON

24 Replies

What_Lies_Bene1
Cirrostratus
Feb 27, 2013
I was just wondering, I knew Apache supported compressed requests through mod_deflate but didn't know of any others, now I do. Anyway, it seems like there's no happy ending for this one unfortunately.
What_Lies_Bene1
Cirrostratus
Mar 07, 2013
I've just been browsing the iRules wiki and it would seem request compression is supported in v11, as indicated by the COMPRESS:: enable 'request' subcommand: https://devcentral.f5.com/wiki/iRules.COMPRESS__enable.ashx. No real detail on how it works but I'm sure it could be tested quite easily.
wsanders_233261
Nimbostratus
Apr 30, 2018
As far as I know the LTM will pass-through compression headers and compressed content unless you have an http-compression profile attached to your virtual. My F5's have enough to do without adding uncompression to their load, and, more importantly, compression seems to break chunking with some HTTP client libraries, so I have never used a http-compression profile.
Walter_Kacynski
Cirrostratus
May 11, 2018
There is an iRule DECOMPRESS::enable request that will accomplish this goal. I opened a support case and the engineer gave me a solution. I tested it with an LTM policy or here is the iRule:

when HTTP_REQUEST { log local0. "**HTTP Request Received**" if { [HTTP::header "Content-Encoding"] contains "gzip"} { DECOMPRESS::enable request log local0. "Content-Encoding is GZIP, DECOMPRESS" } }

I verified that content is uncompressed.
vagabondino_377
Nimbostratus
Nov 28, 2018
Hi Walter please can you help me because I have used your code but it seems that it doesn't work for my web app? How can I use it? How did you verify that content of your request is uncompressed?
- vagabondino_377
  Nimbostratus
  Nov 28, 2018
  Thanks very much
- Walter_Kacynski
  Cirrostratus
  Nov 28, 2018
  I'm not sure, it worked for me. I don't know what setup you have to steer you in the correct direction. Can you dump out some of your virtual server configuration?
- vagabondino_377
  Nimbostratus
  Nov 28, 2018
  Here is my virtual server configuration:
  
  ltm virtual d1co-collsiopeplus-a2a { address-status yes app-service none auth none auto-lasthop default bwc-policy none clone-pools none cmp-enabled yes connection-limit 0 description colla2a.siopeplus.it destination 172.23.128.93%1:https enabled fallback-persistence none flow-eviction-policy none gtm-score 0 ip-intelligence-policy none ip-protocol tcp last-hop-pool none mask 255.255.255.255 metadata none mirror disabled mobile-app-tunnel disabled nat64 disabled partition Common per-flow-request-access-policy none persist none policies { asm_auto_l7_policy__d1co-collsiopeplus-a2a { } } pool d1co-collsiopeplus-a2a profiles { ASM_d1co-collsiopeplus-a2a-443_temp { context all } d1co-collsiopeplus-a2a { context clientside } d1co-collsiopeplus-a2a-443 { context all } http { context all } tcp { context all } websecurity { context all } } rate-class none rate-limit disabled rate-limit-dst-mask 0 rate-limit-mode object rate-limit-src-mask 0 related-rules none rules { Direct_client-server_authentication d1co-siopeplus-a2a-throttle-get } security-log-profiles { local_allresp_allreq remote_allresp_allreq } service-down-immediate-action none service-policy none source 0.0.0.0%1/0 source-address-translation { pool none type none } source-port preserve syn-cookie-status not-activated traffic-classes none translate-address enabled translate-port enabled transparent-nexthop none urldb-feed-policy none vlans { D1-COLL-LB-EST-FE.128.0-23 } vlans-enabled vs-index 114 }

Forum Discussion

uncompress gzip REQUEST with JSON

24 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Gzip content when using HTTP::respond

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

"Could not uncompress compressed request content" error

Using Client Subnet in DNS Requests