Forum Discussion

9 Replies

  • Are you wanting to find the file extension of the URI which the POST request is being made to (like .asp in POST /path/to/file.asp), or the name of the file the client provided which they're uploading in the POST request (like .ext in the HTTP payload, Content-Disposition: form-data; name="file"; filename="c:\path\to\file.ext")?

    If the latter, what do you want to do once you find the file extension? Do you want to change the string, make a pool selection, or...?

    Aaron
  • I want to find the extension of the file that the client provided.

    Once I know the file extension I want to transfer the packet to an eSafe machine, and I need to use the nexthop command.

    Idan Dvir.
  • If you wanted to read/modify the string you could have used a stream filter. If you want to modify how the request is load balanced, you'll need to collect the request payload and search the payload for the string filename=. You can use the HTTP::collect and HTTP::payload commands to do this.

    If you're running a version less than 9.3, you should limit the payload collection to less than 1Mb due to a bug noted in CR57252.

    Here's an example to get you started:

        
        when HTTP_REQUEST {
           if {[HTTP::method] eq "POST"} {
              log local0. "[IP::client_addr]:[TCP::client_port]: POST request to \
                 [HTTP::uri], with content-length [HTTP::header value "Content-Length"]"
              # Check if there is a content-length header with a value less than 1Mb
              if {([HTTP::header exists "Content-Length"]) && \
                 ([HTTP::header "Content-Length"] <= 1048576)} {
                 set content_length [HTTP::header "Content-Length"]
              } else {
                 # Set the collection to a default of 1Mb
                 set content_length 1048576
              }
              # Make sure the content-length header wasn't set to 0
              if { $content_length > 0 } {
                 log local0. "[IP::client_addr]:[TCP::client_port]: collecting $content_length"
                 HTTP::collect $content_length
              }
           }
        }

        when HTTP_REQUEST_DATA {
           # Log the collected payload
           log local0. "[IP::client_addr]:[TCP::client_port]: Payload: [HTTP::payload]"

           # Do something with the request based on whether the POST payload contains an .exe file upload
        }
        

    Aaron
  • This is not what I meant...

    When a client uploads a file (.exe or .doc), I need to transfer the packet to the eSafe machine.

    I want to find the file extension in the POST method and then transfer the packet to the eSafe by the nexthop command.

    Is it possible?

    Can I do something like this?

    Thanks,

    Idan Dvir.
  • I'm not familiar with eSafe. When you say 'transfer the packet', do you mean select the eSafe IP:port as the destination for the request? Or do you want to transparently load balance to the eSafe host (not translate the destination address or port)? Does the eSafe host then send the request directly to the web server?

    Aaron
  • No, I need to transfer the packet to the eSafe by nexthop. The eSafe will scan the file (that's what the eSafe does), but the destination of the packet is the web server. (The eSafe returns the packet to the F5 machine, which is the eSafe default gateway; finally the F5 machine will send the packet to the web server.)

    The 2 things I need to know are:

    1) How can I find the file extension (exe, doc) in the POST method (in the iRule, of course)?

    2) How can I transfer the packet from the F5 machine to the eSafe machine?

    Can I use LINK::nexthop ["192.168.1.1"]?
  • LINK::nexthop only allows you to retrieve the MAC address of the next hop. It can't be used to set the MAC address.

    I'm still not sure I understand what flow of traffic you want to achieve. I assume for normal traffic (not POST requests with an uploaded file type of .exe, .doc, etc) you want to use a standard pool. For POST requests, you want to check what the file type is. If it's a special one, you want to send the request to the eSafe host. Does the eSafe listen on its own IP address and port or is it a transparent network device? How will the eSafe host send the traffic on? Will it reply to the BIG-IP with a status message stating the file was okay/bad? Or will it proxy the request to the web server? What happens if the file validation fails?

    Aaron
  • Hi,

    This is my main problem.

    I have a site and I want to scan the *.exe files that users upload to the site.

    I need to find the exe file extension and transfer the packet to another machine (eSafe).

    This machine scans the files. If the file passes the scan, the eSafe returns the packet to the F5 and from there to the web server. If the file fails the scan, the eSafe drops the packet automatically.
  • I'm still not sure about whether the eSafe host listens on its own IP and port and then sends validated traffic to a new IP address or if it's a transparent network device. There are two main methods for passing traffic to another host for validation.

    Use the method described by Deb in this techtip:

    Conditioning iRule Logic on External Information - 1 - HTTP::retry

    Or you could configure an iRule using the example provided in this post to split off traffic which is a POST with a file type of .exe to a pool other than the VIP's default pool. The pool would contain the eSafe host. If the eSafe host validates the request then it could send that back to another VIP on the BIG-IP which points to the pool of web servers.

    There might be other approaches to configuring this, but I don't understand the requirements well enough to detail them.

    Aaron
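
The pool-split approach from the last reply, combined with the payload collection shown earlier in the thread, as an added example that is not part of any post. The pool name `esafe_scan_pool` is hypothetical; limiting inspection to multipart/form-data requests and sending any request whose body may extend past the 1 MB collection window to the scanner are assumptions of this example.

```tcl
when HTTP_REQUEST {
    # Reset per request; variables persist across requests on a keep-alive connection.
    set truncated 0
    # Only multipart POSTs carry a client-supplied filename= parameter.
    if { [HTTP::method] eq "POST" &&
         [string tolower [HTTP::header "Content-Type"]] starts_with "multipart/form-data" } {
        set limit 1048576   ;# 1 MB collection cap mentioned in the thread
        set clen [HTTP::header "Content-Length"]
        if { ![string is integer -strict $clen] || $clen > $limit } {
            # Missing, malformed or oversized length: only the first 1 MB is
            # inspected, so a file part may lie beyond what the iRule sees.
            set truncated 1
            set clen $limit
        }
        if { $clen > 0 } {
            HTTP::collect $clen
        }
    }
}

when HTTP_REQUEST_DATA {
    # Fail closed: a body that was not fully inspected goes to the scanner.
    set scan $truncated
    # Each uploaded part has a header such as:
    #   Content-Disposition: form-data; name="file"; filename="c:\path\to\file.ext"
    # A request can contain several parts, so check every filename value.
    foreach {match name} [regexp -all -inline -nocase {filename="([^"\r\n]*)"} [HTTP::payload]] {
        # Trailing dots and spaces are trimmed so "setup.exe." is treated as ".exe".
        set name [string trimright $name ". "]
        # Text from the last dot to the end, lower-cased. With no dot the whole
        # name is returned, which can never equal an entry in the list below.
        set ext [string tolower [string range $name [string last "." $name] end]]
        if { [lsearch -exact {.exe .doc} $ext] >= 0 } {
            set scan 1
        }
    }
    if { $scan } {
        # Hypothetical pool containing the eSafe host; all other requests
        # continue to the virtual server's default pool.
        pool esafe_scan_pool
    }
}
```

The filename value is supplied by the client, so this selects which requests are sent for scanning by declared name only; it does not examine the uploaded content itself.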