Forum Discussion

Shane_Benting_5's avatar
Shane_Benting_5
Icon for Nimbostratus rankNimbostratus
May 23, 2008

Rewriting POST Data

I have an application where we offloaded the SSL onto the LTM. The client will initially do a GET to pull a WSDL and we rewrite the response via a stream profile so the URL sent to the client is https. However, when the client then POSTs their data to the https URL, the application is confused since it received the data over what it thought was HTTP.

 

 

Is there an easy way to rewrite the POST data? I haven't been able to find any similar examples searching the forums. I have been able to put together the below iRule, but it seems to stop functioning after a while and blocks all HTTP traffic (I haven't even been able to verify that it works). I also get the feeling that this is a resource-intensive way to rewrite the data. It seems like there must be a better solution.

 

 

when CLIENT_ACCEPTED {

 

TCP::collect

 

}

 

 

when CLIENT_DATA {

 

regsub -all "https://www.example.com" [TCP::payload] "http://www.example.com" newdata

 

TCP::payload replace 0 [TCP::payload length] $newdata

 

TCP::release

 

}
application delivery
dev
devops
iRules

4 Replies

Sort By
  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    May 26, 2008
    Hi,

     

     

    i'm afraid that if you need to manipulate POST Data you have to handle it the way you do.

     

     

    I confirm regsub may be CPU expensive, you have a command timing to check how much your iRule is consuming Click here
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 26, 2008
    How about a stream filter for the request as well (Click here)? 

     
 when HTTP_REQUEST { 
  
     Disable the stream filter by default 
    STREAM::disable 
  
     Check if request is a POST 
    if {[HTTP::method] eq "POST"}{ 
  
        Replace https references with http 
       STREAM::expression "@https://www.example.com@http://www.example.com@" 
  
        Enable the stream filter for this request only 
       STREAM::enable 
    } 
 }

    Aaron
  • Shane_Benting_5's avatar
    Shane_Benting_5
    Icon for Nimbostratus rankNimbostratus
    May 27, 2008
    I should have looked closer at the stream profile documentation. I wasn't aware that it applied to client data, as well. This is working now.

     

     

    Thanks!
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    May 28, 2008
    Between the STREAM profile and the HTTP class functionality in some of the new releases, there is a whole host of things that can be done without the need for iRules now. Definitely worth checking out!

     

     

    Colin