Forum Discussion

F5-User_203510's avatar
F5-User_203510
Icon for Nimbostratus rankNimbostratus
Nov 05, 2015

Capture and Store user requests from each Source IP

We have a virtual server configured with IP and port --> 10.50.171.8 : 443 (HTTPS)

 

The traffic that comes to this Virtual Server IP is from clients (banks and ATM Machines) which is further load balanced over servers. We have used an iRULE with this virtual server:

 

when HTTP_REQUEST { switch -glob [HTTP::uri] {

 

"/abc" {

 

pool ABC

 

HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] }

 

"/XYZ" {

 

pool XYZ

 

HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] }

 

......The irule list goes on....

 

PROBLEM: when F5 receives the request from client (Bank/ATM) on

 

https://10.50.171.8/XYZ

 

It load balances the request to pool "XYZ" as specified in iRULE.

 

Unfortunately, the Servers/Nodes are receiving INVALID DATA from some source which cannot be identified on servers. We can see the invalid data on server but not the source IP of it.

 

REQUIREMENT: We want to know which Source IP is sending INVALID Data and for that we would like to store complete request and response data and everything that can help us identify the source IP that is sending the invalid data.

 

Could you please send us the iRULE script that we can attach to our Virtual Server and store logs on F5 or remote log server?

 

Thanks.

 

3 Replies

  • Hi,

     

    Had X-Forwarding-For header in http profile and log this header in the web server.

     

  • The X-Forwarding-For feature is not supported on Server. Can we make an irule that can log HTTPS traffic ?

     

    upto now I am not sure if we can log HTTPS traffic. I have seen HTTP traffic but not HTTPS traffic.

     

    Please help.

     

  • The X-Forwarding-For feature is not supported on Server. Can we make an irule that can log HTTPS traffic ?

     

    upto now I am not sure if we can log HTTPS traffic. I have seen HTTP traffic but not HTTPS traffic.

     

    Please help.