Matching binary data with NULLs from HTTP post data

Sorry for the delay on the response, I've been trying to get my hand around binary parsing and how it works within the HTTP profile. What I'd recommend is that you use the TCL regexp command to do the regular expression as I'm not sure if the matches_regexp supports hex escaping the same way that regexp does.

First, I'd give this a shot.

when HTTP_REQUEST {
  if { [HTTP::method] == "POST" } {
    HTTP::collect [HTTP::header Content-Length]
  }
}
when HTTP_REQUEST_DATA {
  if { [regexp {\x03\xB0(.*)\x00} [HTTP::payload]] } {
    pool B_pool
  } else {
    pool A_pool
  }
  HTTP::release
}

I verfied that this works with the following TCL:

set f [binary format a4hHa3h lala 3 B0 abc 0]
if { [regexp {\x03\xB0(.*)\x00} $f] {
  log local0. "found match!"
}

On thing I found out from one of the developers is that the HTTP::payload at one point had issues with converting binary data with a value greater than the ascii character set (128). your \xB0 falls into this category. The issues was that it would up-convert it into a larger hex size. This is fixed in the latest versions of BIG-IP. So depending on your version of BIG-IP, this may or may not be the issue.

Anyway, if you've tried the regexp above and it is still not working, we'll need to get a trace of the HTTP::payload. You could try passing it to the log file (log local0. [HTTP::payload]). Not sure how that will handle binary data though. A tcpdump of the traffic would be helpful as well to determine that the value passed in the POST data is the same that is coming out in the HTTP::payload command.

-Joe

Thanks for the tips Joe, I'll post my results here when I've got the test environment set up again.

Can't wait to hear if it works...

 

 

-Joe