Forum Discussion
9 Replies
Sort By
- hooleylistCirrostratusAre you wanting to find the file extension of the URI which the POST request is being made to (like .asp in POST /path/to/file.asp), or the name of the file the client provided which they're uploading in the POST request (like .ext in the HTTP payload, Content-Disposition: form-data; name="file"; filename="c:\path\to\file.ext")?
- idanidin_105624NimbostratusI want to file the extension of the file that the client provided.
- hooleylistCirrostratusIf you wanted to read/modify the string you could have used a stream filter. If you want to modify how the request is load balanced, you'll need to collect the request payload and search the payload for the string filename=. You can use the HTTP::collect (Click here) and HTTP::payload (Click here) commands to do this.
when HTTP_REQUEST { if {[HTTP::method] eq "POST"} { log local0. "[IP::client_addr]:[TCP::client_port]: POST request to \ [HTTP::uri], with content-length [HTTP::header value "Content-Length"]" Check if there is a content-length header with a value less than 1Mb if {([HTTP::header exists "Content-Length"]) && \ ([HTTP::header "Content-Length"] <= 1048576)}{ set content_length [HTTP::header "Content-Length"] } else { Set the collection to a default of 1Mb set content_length 1048576 } Make sure the content-length header wasn't set to 0 if { $content_length > 0 } { log local0. "[IP::client_addr]:[TCP::client_port]: collecting $content_length" HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { Log the collected payload log local0. "[IP::client_addr]:[TCP::client_port]: Payload: [HTTP::payload]" Do something with the request based on whether the POST payload contains an .exe file upload }
- idanidin_105624NimbostratusThis is not what I ment...
- hooleylistCirrostratusI'm not familiar with eSafe. When you say 'transfer the packet', do you mean select the eSafe IP:port as the destination for the request? Or do you want to transparently load balance to the eSafe host (not translate the destination address or port)? Does the eSafe host then send the request directly to the web server?
- idanidin_105624NimbostratusNo, I need to transfare the packet to the eSafe
- hooleylistCirrostratusLINK::nexthop only allows you to retrieve the MAC address of the next hop. It can't be used to set the MAC address.
- idanidin_105624NimbostratusHi,
- hooleylistCirrostratusI'm still not sure about whether the eSafe host listens on its own IP and port and then sends validated traffic to a new IP address or if it's a transparent network device. There are two main methods for passing traffic to another host for validation.