- Michael_JenkinsCirrostratus
In order to check the HTTP request coming in, your best bet is to use the HTTP::collect method, and then do a search on the payload for register... But can you clarify what the body looks like? Will it contain "register xxx.xxx.xxx.xxx" or similar, or are you just wanting to search for "register" and then check the client IP against a range? Also, instead of checking an Excel spreadsheet, you may be better off using a data group that contains your IP ranges, and performing the check against that. SOL3386 talks about data groups.
Regarding the HTTP::collect function, here's an iRule example to get you started.
```tcl
# Collect a request payload
when HTTP_REQUEST {
    if {[HTTP::method] eq "POST"}{
        # Trigger collection for up to 1MB of data
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        # Check if $content_length is not set to 0
        if { $content_length > 0} {
            HTTP::collect $content_length
        }
    }
}

when HTTP_REQUEST_DATA {
    # do stuff with the payload
    set payload [HTTP::payload]
}
```
- ArieAltostratus
Do you need to base it on an actual Microsoft Excel spreadsheet or can you use a Data Group (Data Class) on the BIG-IP?
- Moti_Akrish_637Nimbostratus
Not a must, I can use any form, even source IP equals range, or source IP contains 1.1.1.x inside the iRule itself. It means something like this: if the URI contains "RegisterAgent" and the body contains London and the client IP equals 1.1.1.x/28, then pass; if not, drop. Possible?
Have a look at this thread, it explains what you need, I believe:
https://devcentral.f5.com/questions/create-datagroup-irule-to-use-with-brute-force-ip-list
- Moti_Akrish_637Nimbostratus
I created this:
```tcl
when HTTP_REQUEST {
    if {([HTTP::payload] contains "register")} {
        if {([HTTP::payload] contains "location")} {
            if {([IP::client_addr] contains "1.1.1.")} {
                log local0. "Using uri-match pool - [HTTP::uri]"
                pool $defaultpool
            } else {
                drop
                log local0. "No uri matched using no-uri-match pool - [HTTP::uri]"
                if { !([HTTP::uri] contains "register") } {
                    pool $defaultpool
                }
            }
        }
    }
}
```
Does it look like it'll work? I can only test it next Monday.
Thanks!
- Michael_JenkinsCirrostratus
That won't work, because you have to collect the payload before you can access it (through the HTTP_REQUEST_DATA event)... Your example was a little confusing, so I may not have understood your logic too well. But try something like this (you'll need to modify it if you're wanting to use a datagroup instead of static payload values):
```tcl
# Collect a request payload
when HTTP_REQUEST {
    if {[HTTP::method] eq "POST"}{
        # Trigger collection for up to 1MB of data
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        # Check if $content_length is not set to 0
        if { $content_length > 0} {
            HTTP::collect $content_length
        }
    }
}

when HTTP_REQUEST_DATA {
    # do stuff with the payload
    # ($defaultpool must be set elsewhere in the iRule before it is used here)
    set payload [HTTP::payload]
    if { [HTTP::payload] contains "register" } {
        if { [HTTP::payload] contains "Location" && [IP::addr [IP::client_addr] equals "1.1.1.1/24"] } {
            log local0. "Using uri-match pool - [HTTP::uri]"
            pool $defaultpool
            return
        } else {
            log local0. "No uri matched using no-uri-match pool - [HTTP::uri]"
            drop
            return
        }
    }
    if { not ([string tolower [HTTP::uri]] contains "register") } {
        pool $defaultpool
    }
}
```
- Moti_Akrish_637Nimbostratus
Thanks guys it works! I just added the set defaultpool [LB::server pool]
Thanks Michael for all the help.
- Michael_JenkinsCirrostratus
Glad it's working. If you could, please mark the answer as the solution in case others are looking for a similar solution. Thanks!
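
The data group variant mentioned in the thread but not shown there, as an added example that is not part of any original post: the static subnet check is replaced by a `class match` lookup, and `defaultpool` is set when the connection is accepted. The data group name `register_allowed_nets` and its contents are assumptions.

```tcl
# Added example (not from the thread). register_allowed_nets is a
# hypothetical address-type data group holding the permitted subnets,
# for instance a constructed record such as 1.1.1.0/24.
when CLIENT_ACCEPTED {
    # Remember the pool assigned to the virtual server
    set defaultpool [LB::server pool]
}

when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
        # Collect at most 1MB of body so a large upload cannot exhaust memory
        set content_length [HTTP::header "Content-Length"]
        if { $content_length eq "" || $content_length > 1048576 } {
            set content_length 1048576
        }
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }
}

when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]
    if { $payload contains "register" } {
        # Registration bodies must carry "Location" and come from a listed subnet
        if { ($payload contains "Location") &&
             [class match [IP::client_addr] equals register_allowed_nets] } {
            log local0. "register allowed from [IP::client_addr] - [HTTP::uri]"
            pool $defaultpool
        } else {
            log local0. "register dropped from [IP::client_addr] - [HTTP::uri]"
            drop
        }
        return
    }
    # Anything that is not a registration request goes to the default pool
    pool $defaultpool
}
```

Keeping the subnets in a data group means the allowed ranges can be changed without editing the iRule, and the log lines record the client address for each decision.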