Hi,
The regex you have listed matches the sample cards on the page. Are the server responses compressed? Can you log any portion of the response using log commands?
Else, another option...
The CC scrubber rule collects the response data in order to apply the regex and remove the unwanted strings. I think you'd see significant performance improvement using an iRule and a stream profile instead. The stream profile provides search/replace functionality as the HTTP data is passed through. The search parameter in a stream expression can be a regex.
If you're on a version lower than 9.4.0, you need to set response chunking to rechunk on the HTTP profile as described in SOL6422 / CR53771. Also, due to a bug described in SOL6741 / CR70146 (fixed in 9.4.0), TMM restarts if the response is over 4Mb.
when RULE_INIT {
This regex defines what strings are considired a credit card. Wrap the regex in curly braces.
set ::cc_regex {(?:3[4-7]\d{1,3})|(?:4\d{1,5})|(?:5[1-5]\d{1,4})|(?:6011\d{1,2})}
Replace the matched strings with this string. It can be blank to remove the string altogether.
set ::replacement_text "xxxxxxxxxxxxxxxx"
As an example, this is a way to limit which requests to check the responses from.
set ::uris_to_check_response [list \
.aspx \
.asp \
.html \
]
Log debug to /var/log/ltm? 1=yes, 0=no.
set ::cc_replace_debug 1
}
when HTTP_REQUEST {
Don't check responses by default
set check_response 0
Check if response
if {[matchclass [string tolower [HTTP::path]] ends_with $::uris_to_check_response]}{
set check_response 1
}
}
when HTTP_RESPONSE {
Disable the stream filter by default
STREAM::disable
Check the response if the response we want to check. You can check all text responses, and/or based on the request type
if {[HTTP::header value Content-Type] contains "text" and $check_response}{
Don't apply the stream profile against 4+Mb response sizes or TMM will restart (reference: SOL6741 / CR70146)
You can remove this check if your version has a fix for this issue.
if {[HTTP::header exists Content-Length] and [HTTP::header value Content-Length] < 4194304}{
Wildcard match
set stream_expression {@$::cc_regex@$::replacement_text@}
Set the find/replace strings
STREAM::expression $stream_expression
if {$::debug}{
log local0. "Current stream expression: $stream_expression"
}
Enable the stream filter for this response
STREAM::enable
}
}
}
STREAM_MATCHED is triggered when the stream filter's find string is found
when STREAM_MATCHED {
Log the string which matched the stream profile
if {$::debug}{
log local0. "Matched: [STREAM::match]"
}
}
Note, I haven't tested this version of a rule. It's adapted from a related one I've used in the past. If you try this and run into any issues, please let me know.
Thanks,
Aaron