Forum Discussion

Ed_27995's avatar
Ed_27995
Icon for Nimbostratus rankNimbostratus
Jun 18, 2008

iRule seems to block page request

Hi All,

 

 

I have created the following iRule-

 

 

when HTTP_REQUEST {

 

if {[findstr [HTTP::uri] "webctid=" 8 2] == "83"}

 

{HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp"}

 

elseif {[findstr[HTTP::uri] "webctid=" 8 2] == "95"}

 

{HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp"}

 

}

 

 

What I am trying to do is redirect student login requests, identified by the "83" or "95" in the above rule, to a maintenance page.

 

 

When I go into the iRule manager and make the iRule active, the login page does not display when I go to the site.

 

 

Do I need an else block to tell the BigIP that if the preceding conditions are not matched to forward the request to an app node normally? If so, how is that done?

 

 

My thinking when creating the iRule was that if the string was encountered in an HTTP request, the redirect would be triggered, but if the string was not encountered the web requests would processed normally.

 

 

Do I have the wrong event in HTTP_REQUEST?

 

 

Thanks in advance for your help!

 

 

Ed
application delivery
dev
devops
iRules

7 Replies

Sort By
  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Jun 18, 2008
    Hi,

    Your iRule should be fine i think, maybe you shoudl try this: 

      
  when HTTP_REQUEST {  
     log local0. "uri is [HTTP::uri]" 
     set val [findstr [HTTP::uri] "webctid=" 8 2]  
     log local0. "val is $val"  
     if {$val == "83"} {  
       log local0. "val matched 83"  
       HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp"  
    }  
    elseif {$val == "95"} {  
       log local0. "val matched 95"  
      HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp"  
    }  
  }

    Then check the output in /var/log/ltm

    Can you show it to us ?

    Thanks !
  • Ed_27995's avatar
    Ed_27995
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2008
    Hi nmenant,

     

     

    Thanks for your response- while you wrote that, I took a look at an iRule headaches post, and modified my script to be more like the second example that cmbhatt provided; the script now looks like:

     

     

    when HTTP_REQUEST {

     

    if {[findstr [HTTP::uri] "webctid=" 8 2] == "95"} {

     

    if {[findstr[HTTP::uri] "webctid=" 8 2] == "83"} {

     

    HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp"}

     

    }

     

    }

     

     

    Testing shows that with this script activated, I can reach the login page, but attempting to login with a test "95" account does not trigger a redirect.

     

     

    I can amend my script to incorporate the logging you recommend. Thanks for your response!

     

     

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 18, 2008
    Can you post the exact URI you are trying to match to? That way we have some way of testing it.

     

     

    Thx...

     

     

    -Joe
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 18, 2008
    Found at least one of your issues. You don't have a space between the second "findstr" and "[HTTP::uri]". The TCL processor is trying to run the command "findstr[HTTP::uri]" which throws a runtime exception that you should see in the /var/log/ltm file.

    I've got an alternative for your iRule that should work and speed things up a bit. 

    when HTTP_REQUEST {  
   switch [findstr [HTTP::uri] "webctid=" 8 2] { 
     "83" - 
     "95" { 
       log local0. "Found match, redirecting to maintenance page..." 
       HTTP::redirect "http://distance-ed.bcc.ctc.edu/bbmaint.asp" 
     } 
   } 
 }

    This avoids the multiple parsing by calling findstr twice and easily allows for new webctid's in the future.

    Let me know if this does or doesn't work.

    -Joe
  • Ed_27995's avatar
    Ed_27995
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2008
    Here's what I'm seeing from a Wireshark capture:

     

     

    The uri shows as

     

     

    http.request.uri == "/webct/urw/lc9140011.tp0/authenticateUser.dowebct"

     

     

    The string I'm searching for, "webctid=", shows up in a section of the capture denoted as

     

     

    Line-based text data: application/x-www-form-urlencoded

     

     

    The actual text data looks like

     

     

    insId=9140011&glcid=URN%3AX-WEBCT-VISTA-V1%3A319e858b-8627-515f-006f-db4bc25adf55&newUserGlcid=URN%3AX-WEBCT-VISTA-V1%3A319e858b-8627-515f-006f-db4bc25adf55&insName=BELLEVUE+COMMUNITY+COLLEGE&gotoid=&actionType=&webctid=950XXXXXX&timeZoneOffset=7&glcid=URN%3AX-WEBCT-VISTA-V1%3A319e858b-8627-515f-006f-db4bc25adf55&insId=9140011&insName=BELLEVUE+COMMUNITY+COLLEGE&password=PASSWORD

     

     

    My interpretation of this is that the uri is invoking a script, and the webctid and password are being passed with other info in the text data.

     

     

    Would I want to perform a findstr operation on the HTTP::payload?
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 18, 2008
    Now I'm glad I asked for the URI. Per your trace, the value of "webctid=" is not in the URI at all but in the HTTP payload data. So, from the looks of your trace, you would want to do a HTTP::collect in the HTTP_REQUEST event and then process the HTTP::payload value in the HTTP_REQUEST_DATA event. Search for "HTTP_REQUEST_DATA" in the site search and you'll find lots of examples.

     

     

    -Joe
  • Ed_27995's avatar
    Ed_27995
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2008
    Thanks Joe!

     

     

    Figured I'd need to run the findstr operation against the HTTP::payload once I saw the packet capture results.

     

     

    I've got a redirect script that works now. The script will only be enabled during our down times, so while I'm running the findstr only once to improve performance, I don't see any harm in having to grab a large amount of text from the payload to search for the username.

     

     

    And thanks to everyone who helped!