Joe_Hsy_45207
Mar 09, 2007Nimbostratus
Suggested fix for CreditCardScrubber and Phishing-Prevention samples on pages without the Content-length header
Hi,
If you wrote an iRule based on the CreditCardScrubber or Phishing-Prevention and are running them against web sites that serve pages without the Content-length header (i.e. chunking servers), you may not be aware that the iRule may not work be working consistently.
After much hair-pulling and experimentation, I've discovered why my iRule (as well as the sample CCS and PP iRules) was not working for these pages. It turns out that calling HTTP:collect with 4294967295 fails to generate the necessary HTTP_RESPONSE_DATA invocation.
I found this quite by accident. Just to see what would happen, I manually set HTTP::collect to the exact size of my page content (77) and *BAM*, everything worked. So, I upped it to 100 and again it worked. So, I kept ratcheting it up and as I got around 3 gigs, I started to see intermittent missing HTTP_RESPONSE_DATA again.
While I certainly don't know for sure, I suspect that when calling HTTP:collect with a very large number (4 gig+) it may fail due to memory allocation. I finally settled on using HTTP:collect 1000000000 (1 gig) just to be safe and it has been very stable on our boxes (running 9.2 and 9.4).
I don't know if anyone else has run into this issue, but I would suggest to the powers that be that the sample iRules be changed to deal with this issue. It would also be good have a better theoretical basis for choosing the number as opposed to empirical experimentation. 8-)
Thanks!
//Joe