Forum Discussion
The specific iRule parts are below:

```tcl
when RULE_INIT {
    # Log debug to /var/log/ltm? 1=yes, 0=no
    set static::debug 0
}

when HTTP_REQUEST {
    # Collect up to the first 1MB of POST data
    log local0. "Checking post method [HTTP::method] uri: [HTTP::uri] http_version: [HTTP::version] IP: [IP::client_addr]"
    log local0. "Headers: [HTTP::request]"
    if {[HTTP::method] eq "POST"} {
        # Check if there is a content-length header and the value is set to less than 1Mb
        if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 10048576} {
            set clength [HTTP::header "Content-Length"]
        } else {
            set clength 10048576
        }
        log local0. "Checking content length $clength IP: [IP::client_addr]"
        if {$clength > 0} {
            if {$static::debug} {log local0. "[virtual name]: Collecting $clength bytes IP: [IP::client_addr]"}
            # Collect the capped length computed above
            HTTP::collect $clength
        }
    }
}

when HTTP_REQUEST_DATA {
    # incoming data
    log local0. "$[HTTP::payload]"
    set vendoridincoming [findstr [HTTP::payload] "BuyerCookie" 12 100]
    log local0. "Vendorid from live incoming request is $vendoridincoming"

    # Save a class name to search through
    set class_name Vendorlist
    log local0. "$class_name"
    set success 0

    # Save a search ID for the datagroup
    set id [class startsearch $class_name]
    log local0. "$id"
    set vendorlistsize 0
    log local0. "$vendorlistsize"

    # Loop through the class row by row
    while {[class anymore $class_name $id]} {
        # Advance the search cursor exactly once per iteration
        set element [class nextelement $class_name $id]
        log local0. "nextelement: $element"
        set vendorid [class element -name $vendorlistsize $class_name]
        set vendorsharedsecret [class element -value $vendorlistsize $class_name]
        log local0. "vendorid at position $vendorlistsize is $vendorid"
        log local0. "vendorsharedsecret at position $vendorlistsize is $vendorsharedsecret"
        if {$vendoridincoming contains $vendorid} {
            log local0. "Incoming Vendor id matched with $vendorid"
            if {[HTTP::payload] contains $vendorsharedsecret} {
                log local0. "Incoming Vendor Shared Secret matched with $vendorsharedsecret"
                set success 1
                break
            }
        }
        incr vendorlistsize
        unset vendorid
        unset vendorsharedsecret
    }

    # Clean up the search
    class donesearch $class_name $id
    if {$success == 1} {
        reject
        HTTP::respond 200 content {
Access Denied
You have attempted an authorised access to this site
Your attempt has been logged and may be prosecuted.
}
    }
}

when HTTP_RESPONSE {
    log local0. "In http response"
    log local0. "succes at start of http response is $success"
    if {$success == 1} {
        log local0. "Vendor matched"
        log local0. "succes at if success is $success"
    } else {
        log local0. "Vendor Shared Secret not matched"
        log local0. "succes at else failure response is $success"
        HTTP::respond 200 content {
Access Denied
You have attempted an authorised access to this site
Your attempt has been logged and may be prosecuted.
}
        reject
    }
}
```