If you're looking to monitor your headers for a specific string length, we can certainly help with that. Let's use the 32768 character limit that you mentioned above, and look for any headers that are represented as strings longer than that value. We'll send a log message to the /var/log/ltm log if we find one. The code looks like:
when HTTP_REQUEST {
foreach header {[HTTP::header names]} {
if {[string length $header] > 32768} {
log local0. "Header exceeds maximum length! - Header Name: $header, Length: [string length $header], Value: [HTTP::header value $header]"
}
}
}
This should log the information you're looking for. Keep in mind, though, that to do this you're forcing the LTM to loop through every header on every inbound HTTP request. This is probably NOT what you're looking for, as it's going to end up being pretty resource intensive pretty fast. If you're relatively confident that your HTTP headers aren't going to be changing all over the place within the scope of a given connection, you could easily have the LTM just parse through all of the headers once, on the first request that comes in, and then be done with it.
That would look like this:
when CLIENT_ACCEPTED {
set loop 0
}
when HTTP_REQUEST {
if {$loop == 0} {
foreach header {[HTTP::header names]} {
if {[string length $header] > 32768} {
log local0. "Header exceeds maximum length! - Header Name: $header, Length: [string length $header], Value: [HTTP::header value $header]"
}
}
incr loop
}
}
Hopefully that sheds a little light on what you're looking for.
Colin