Forum Discussion

maximillean_953's avatar
maximillean_953
Icon for Nimbostratus rankNimbostratus
Apr 11, 2019

regex irule without payload change

Hi, I try to write an irule which logs client ip with posted username on a json request. I can able to gather full post payload but that includes the password and other info so i generate a regex to only write the client ip and username on the log file but when i use regex vserver starts to reset connection. If i avoid regex and collect ip and full json payload no problem. Can anyone help me regarding this example? Appriciated.

 

when HTTP_REQUEST {
       if { [HTTP::method] eq "POST" and [HTTP::uri] starts_with "/api/test/login" } {
       set log_msg ""
       set client_ip [IP::remote_addr]
       set paypay [HTTP::payload]
       set pay [HTTP::payload] 
       append log_msg "client_ip=$client_ip "
       append log_msg [regexp {(?<=\{"username":").*?(?=",)} $paypay]
       append log_msg "$paypay"
       log local0. $payload
       log 1.1.1.1 local0. $log_msg
          }
    }

 

1 Reply

  • I would use iRules LX for anything JSON related. Take a look at my code share on replacing JSON objects for some ideas (https://community.f5.com/t5/codeshare/simple-iruleslx-json-rewrite/ta-p/289095),

    You can write a very simple version just to return the username and IP address as list back to TCL.

    Take the following JSON data:

     

    {  
        "username":"Jason",
        "ip":"192.168.1.1"
    }
    

     

    You can pass the JSON payload to iRules LX an return the values based on the keys that you pass in.

    So you could pass in the payload, 'username' and 'ip' to iRules LX

     

    set result [ILX::call $rpcHandle "myMethod" [HTTP::payload] "username" "ip"]

     

    From there you can write a very simple script to return the values:

     

    const f5 = require('f5-nodejs');
    const ilx = new f5.ILXServer();
    
    function myMethod(req, res) {
        var json = JSON.parse(req.params()[0]);
        var jsonUser = req.params()[1];
        var jsonIp = req.params()[2];
    
        var user = json[jsonUser];
        var ip = json[jsonIp];
    
        res.reply(user + ' ' + ip);
    }
    
    ilx.addMethod('myMethod', myMethod);
    ilx.listen();    
    

     

    This will return username and ip which TCL can interpret as a list e.g

     

    set username [lindex $result 0]
    set ip [lindex $result 1]