Forum Discussion

Mike_Leone_6274's avatar
Mike_Leone_6274
Icon for Nimbostratus rankNimbostratus
Apr 05, 2012

HTTP content rewrite iRule

We're using the following iRule to rewrite some http requests, but it's generating errors in the system logs because the HTTP:collect call is running when there is no content to correct.

 

 

The error is:

 

011f0007:3: http_process_state_early_100continue - Invalid action EV_COLLECT

 

during ST_HTTP_EARLY_100CONTINUE

 

 

 

I'm pretty sure the issue is somewhere around this line:

 

if { $content_len > 0 && [HTTP::status] != 100 } {

 

 

 

Not sure why it's even running a collect if the http status is 100...

 

 

 

 

 

 

 

 

 

when HTTP_REQUEST {

 

set usentlm 0

 

if { ([HTTP::uri] starts_with "/sso/autodiscover/") } {

 

log "OWA Rewrite for autodiscover SSO engaged"

 

set usentlm 1

 

HTTP::uri [string map { /sso/autodiscover/ /autodiscover/ } [HTTP::uri]]

 

HTTP::uri "/autodiscover/autodiscover.xml"

 

 

 

Don't allow data to be chunked.

 

if {[HTTP::version] == "1.1"} {

 

if {[HTTP::header is_keepalive]} {

 

Adjust the Connection header.

 

HTTP::header replace "Connection" "Keep-Alive"

 

}

 

HTTP::version "1.0"

 

}

 

}

 

}

 

 

 

when HTTP_RESPONSE {

 

if { $usentlm equals 1 } {

 

if {[HTTP::header exists "Content-Length"]} {

 

set content_len [HTTP::header "Content-Length"]

 

} else {

 

set content_len 4294967295

 

}

 

if { $content_len > 0 && [HTTP::status] != 100 } {

 

HTTP::collect $content_len

 

}

 

}

 

}

 

 

 

when HTTP_RESPONSE_DATA {

 

if { $usentlm equals 1 } {

 

set payload [HTTP::payload]

 

set length [HTTP::payload length]

 

set new_payload [string map {Basic Ntlm} $payload]

 

if { $new_payload ne $payload } {

 

Replace the content if there was any matches

 

log "SSO Autodiscover rule applied"

 

HTTP::payload replace 0 $length $new_payload

 

}

 

}

 

}

 

 

1 Reply

  • Hi Mike,

    I'm not sure why that error would be triggered, but I suggest switching from collecting the payloads with HTTP::collect to using a stream profile to rewrite Basic to NTLM. The stream profile and iRule should be more efficient than buffering the full payload. See the STREAM::expression wiki page for details:

    https://devcentral.f5.com/wiki/iRules.stream__expression.ashx

    If you do stick with HTTP::collect, change 4294967295 to 1024000 to avoid coring TMM or potentially taking all available memory for a single connection.

    Here's an untested example for using a stream profile and iRule to do the rewrite:

    
    
    when HTTP_REQUEST {
    
     Log debug to /var/log/ltm? 1=yes, 0=no.
    set stream_debug 1
    
     Disable the stream filter by default
    STREAM::disable
    
    set usentlm 0
    if { ([HTTP::uri] starts_with "/sso/autodiscover/") } {
     log "OWA Rewrite for autodiscover SSO engaged"
    set usentlm 1
    HTTP::uri [string map { /sso/autodiscover/ /autodiscover/ } [HTTP::uri]]
     HTTP::uri "/autodiscover/autodiscover.xml"
    if {$stream_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Rewrote [HTTP::uri] to\
    [string map { /sso/autodiscover/ /autodiscover/ } [HTTP::uri]]"}
     Don't allow data to be chunked.
    if {[HTTP::version] == "1.1"} {
    if {[HTTP::header is_keepalive]} {
     Adjust the Connection header.
    HTTP::header replace "Connection" "Keep-Alive"
    }
    HTTP::version "1.0"
    }
    }
    }
    
    when HTTP_RESPONSE {
    if { $usentlm == 1 } {
    if {[HTTP::header "Content-Type"] starts_with "text/"} {
    if {$stream_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Enabling stream for [HTTP::header "Content-Type"]"}
    STREAM::expression {@[bB]asic@Ntlm@}
    STREAM::enable
    } else {
    if {$stream_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Disabling stream for [HTTP::header "Content-Type"]"}
    STREAM::disable
    }
    }
    }
    when STREAM_MATCHED {
     Debug only. Comment out or remove when testing is complete
    if {$stream_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: matched: [STREAM::match]"}
    }
    

    Aaron