Forum Discussion

jgranieri_42214's avatar
jgranieri_42214
Icon for Nimbostratus rankNimbostratus
Apr 30, 2013

HTTP Payload Parsing not working as expected

Hello,

 

 

I am trying to load balance based of a UN string seen in the HTTP Payload, i was able to do this in TCP Payload for another VIP without any issues.I have tried multiple iterations of irules to accomplish this, i used a dev central irule to extract the http headers and this is an excerpt i am focusing on.

 

 

Basically I want to inspect the HTTP payload and loadbalance based on the value after UN:

 

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : ============================

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : <<< HTTP Headers >>>

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : OP: 0

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : UN: xxxxxxxxxxx

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : PW: yyyyyyyyyyy

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : client_source: zz

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : client_version: 6.2.0.17

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : app_type: APPLICATION

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : app_name: zz

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : User-Agent: Java/1.6.0_26

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Host: something.abc.com

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Accept: text/html, image/gif, mage/jpeg,*; q=.2, */*; q=.2

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Connection: keep-alive

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : <<< URI >>>

 

Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : HTTP::uri: /ff/ggggggg

 

 

 

Here are some of the irules I have tried without success, any idea's are greatly appreciated.

 

 

-----------------------------------------------------------------------

 

when HTTP_REQUEST {

 

if { [HTTP::header "UN:"] contains "@ATEST4" } {

 

pool Leg1

 

} else {

 

pool Leg2

 

}

 

}

 

-----------------------------------------------------------------------(tried using a class below)-----

 

 

when HTTP_REQUEST {

 

if {[class match [HTTP::header "User-Agent"] contains UserID] } {

 

pool Leg1

 

} else

 

pool Leg2

 

}

 

-----------------------------------------------------------------------

 

 

 

when CLIENT_ACCEPTED {

 

HTTP::collect 1500

 

 

}

 

when CLIENT_DATA {

 

log local0. "in CLIENT_DATA"

 

if { [HTTP::payload] contains "xxxxx" } {

 

pool Leg1

 

} else {

 

pool Leg2

 

}

 

HTTP::release

 

}

 

-----------------------------------------------------------------------

 

 

when CLIENT_ACCEPTED {

 

TCP::collect 1000

 

 

}

 

when CLIENT_DATA {

 

log local0. "in CLIENT_DATA"

 

if { [TCP::payload] contains "xxxxx" } {

 

pool Leg1

 

} else {

 

pool Leg2

 

}

 

TCP::release

 

}

 

______________________________________________________

 

 

 

9 Replies

  • It looks like UN is a HTTP header so I'd have thought this would work (removed the :);

    
    when HTTP_REQUEST {
      if { [HTTP::header "UN"] contains "@ATEST4" }  { 
        pool Leg1
      } else { 
        pool Leg2 
      }
    }
    
  • Let me try that and see it works...

     

    I did try parsing the HTTP headers but see I had some incorrect syntaz being used.

     

     

  • I modified the irules and tried parsing the on the header, it initiall works but now the issue seems that even when the header doesn't match it still gets routed to the wrong pool. I have no persistence configured on the VIP.

     

     

    when i login with a username containing xxxxx it goes to the correct pool. Next login uses a different username such as yyyy and it should go to the 2nd pool but it doesnt, I verified via tcpdump it still goes to the first pool

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::header "UN"] contains "@xxxxx" } {

     

    pool Pool1

     

    } else {

     

    pool Pool2

     

    }

     

    }

     

    ---------------------------------------------------------------------------------

     

    second irule uses a data group and string value no such luck:

     

     

    when HTTP_REQUEST {

     

    if {[class match [HTTP::header "UN: "] contains UserID] } {

     

    pool Pool1

     

    } else {

     

    pool Pool2

     

    }

     

    }

     

     

    ---------------------------------------------------------------------------------

     

    Any idea's on why this is occuring if the persistence profile is sent to none ?

     

     

  • I only have the standard http profile enabled...

     

     

     

    no one-connect profile
  • Sorry, I should have said, if you don't have oneConnect enabled on the virtual server, please enable it and test.
  • I just tried it with a One_Connect profile, same issue. no change in behavior.

     

     

    Odd thing is that I have done parsing with TCP Payload and had no issues directing certain traffic based on tcp payload names
  • this is working... the entire username string was needed, part of the username didnt work. thanks for everyones input!