Hi All, We have the RAMCACHE module installed and are seeing a high rate of evictions. After some further investigation, it appears that we have someone linking to our images using a random querystring (i.e.: http://site.com/img/image.jpg?random=XXXXXX This is generating many copies of this image in our cache. Can someone explain a possible iRule solution to strip off the querystring an make it so that they can no longer do this? In addition, do you know of any iRule which would stop someone from leeching our images. i.e.: If the image isn't being requested from one of our domains in the browser url, then send back a fake image? Any help you could provide would be greatly appreciated!!

Check out example on using CACHE::uri if you are using 9.2 or later release. This rule sets the effective URI without modifying it on the wire.

You could definitely check to see if the URI requested contains the string ".jpg" and then check the "Referer" (sic) header and check to see if it comes from your sites. I don't have time to write it for you, but it should be pretty straightforward to do this sort of rule.

There is a related example in the codeshare for restricting access to specific file types using the referer header. Click here Aaron

Hi All, Thank you for the responses. I'm going to try an example of the CacheBusterBuster in hopes that you can help fill in the blanks. We have requests that come in for static content such as these: http://site.com/image/image.jpg?12313 http://site.com/image/image.jpg?random=12313 http://site.com/swf/mysef.swf?r=6644 I'd like to be able to just return the object that is already in cache - here is a starting point: iRule = CacheBusterBuster when CACHE_REQUEST { if { [string tolower [HTTP::uri]] contains "?" } { CACHE::Uri [string first {?} [HTTP::uri] 0] } } Please let me know if this will work or if there is a better way to do this? Thanks!

'[string first {?} $myUri 0]' will return an index of the first occurrence of the ? character. You could use that index in string range to get all characters up to that index: [string range [HTTP::uri] 0 [expr [string first {?} [HTTP::uri] 0] - 1] Or you could just use HTTP::path to get the path and object (/image/image.jpg for example) without the query string. Aaron

Image Leeching / Random querystring fix?

12 Replies

Darren_Person_2
Nimbostratus
May 11, 2007
Hi All,

Just wanted to thank you for all your help! It turned out that we were on an older version and did the upgrade - here is the final code which we are now running:

when HTTP_REQUEST {

set filePath [string tolower [HTTP::path]]

if { ($filePath ends_with ".jpg") or ($filePath ends_with ".swf")}{

CACHE::uri [HTTP::host][HTTP::path]

}

}

There should probably be a bunch of files in this list (*.jpg, *.gif, *.pdf, *.swf, *.xml, etc). If anyone can think of a cleaner way to implement this then using "or", I'd be interested (please keep in mind any performance hits associated with using match or switch satements).

Thanks again!!
Joe_Pruitt
May 11, 2007
There are several ways you can cleanly add multiple extensions to compare against.

1. Use a switch statement with file globbing (much more optimal than regular expressions.
when HTTP_REQUEST { switch -glob [string tolower [HTTP::path]] { "*.jpg" - "*.gif" - "*.swf" - "*.pdf" - "*.xml" { CACHE::uri [HTTP::host][HTTP::path] } } }

I'm not sure how this performs compared to an equivalent set of chained "or" expressions using the ends_with operator. It's most likely fairly equal so I'd go with the approach that is easier to read to you.

2. using a data group (aka class) to contain the extensions and then using the matchclass command to search that list. Only go this route if you need to externalize your list and/or the items in your list number more than 100. It's been calculated that for items under 100 a switch with globbing is a little faster than a matchclass.
bigip.conf rendering on the class

class cache_extensions {

.jpg

.gif

.pdf

.swf

.xml

}
when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::path]] ends_with $::cache_extensions] } { CACHE::uri [HTTP::host][HTTP::path] } }

We've got a topic in the wiki that goes over some general rules of thumb for writing fast iRules.
http://devcentral.f5.com/wiki/default.aspx/iRules/HowToWriteFastRules.html
Click here

Good luck and let us know if you find anything interesting during your implementation.

-Joe

Forum Discussion

Image Leeching / Random querystring fix?

12 Replies

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Random String Generators

Change original source IP to random in ASM logs

random letter generator

Random does not Necessarily Mean Random

PowerShell to iRule AES-CBC conversation using random IV values