Help with iRule to delete an empty name header or allow HTTP malformed header
Hello guys, I hope you can help me, the scenario is the next, we are replacing an Brocade ADX with an F5 BIGIP, the scenario is like this:
nowadays it exist Client - > PROXY security solution - > BROCADE ADX - > REAL SERVER
What we want is Client - > PROXY security solution - > F5 BIGIP - > REAL SERVER
But here what is happening is, when te request comes from the PROXY it comes with some aditiona headers, within that headers it comes an empty name header, I mean it is a header without a name, the header comes just in this way ":"
Sec-Fetch-Mode: navigate\r\n
Sec-Fetch-User: ?1\r\n
Sec-Fetch-Dest: document\r\n
Accept-Encoding: gzip, br\r\n
Accept-Language: es-MX,es;q=0.9\r\n
Cookie: ZNPCQ003-39303200=cdf1c4c0; BIGipServertest_HTTP_Pool=rd1o00000000000000000000ffffac158091o80\r\n
Cookie pair: ZNPCQ003-39303200=cdf1c4c0
Cookie pair: BIGipServertest_HTTP_Pool=rd1o00000000000000000000ffffac158091o80
Roles: \r\n
: \r\n <<<--------------------------------------------------------------------------------------------------------------------THIS IS THE EMPTY HEADER
[Expert Info (Warning/Protocol): Illegal characters found in header name]
IdCOMPANY: \r\n
isSecondary: \r\n
Telephones: \r\n
ListCompanyNameTelephone: \r\n
email: \r\n
mobilePhone: \r\n
Lastname: \r\n
Name: \r\n
LoginType: \r\n
password: \r\n
logon: \r\n
Via: 1.1 shop.company.com (Access Gateway-ag-728CFCD9FF22A8B6-162297052)\r\n
X-Forwarded-Host: shop.company.com\r\n
Then when the F5 receives that empty header it resets the connection as follows: Malformed HTTP header error, after TMOS 12 the F5 doesn't allow malformed http headers: https://support.f5.com/csp/article/K38905534.
I tried to erase that header with some irules but it was vain:
1 )
when HTTP_REQUEST {
HTTP::header remove ":"
}
2)
when HTTP_REQUEST {
if { [HTTP::header exists ":"] } {
set VALUE [HTTP::header ":"]
HTTP::header remove ":"
log local0. "Empty header value is$VALUE"
}
}
And some more irules unsuccesfuly, I don´t know if that sentence can't recognized that header because there is not a string to match. I was also thinking to erase it as a string or payload: 3a 20 0d 0a, but it matches with a lot of things.
Have someone experienced a similar behavior previously, unfortunately I can't touch the proxy security solution, even take packet captures within it.
Thanks a lot!!!