JoeK_10405
Jan 16, 2009

Intercept client request to fix broken app

Breakfix needed. A client request causes the app to loop and eat all resources, and the fix will take some weeks to migrate through to production. So in the meantime, I need to leverage/show off iRules in our Cisco-only environment.

Client request:
       
       > OPTIONS /storeWeb/authentication/AuthenticationServlet HTTP/1.1  

Current server response:
     
       < HTTP/1.1 401 Unauthorized  

Required response:
      
       < HTTP/1.1 200 OK       
       < Allow: GET, HEAD, POST, TRACE, OPTIONS       
       < Content-Length: 0  

Current iRule, which doesn't work:

       
       when HTTP_REQUEST {       
       if { [HTTP::method] contains "OPTIONS" }       
        if  {[HTTP::uri] contains "/authentication/AuthenticationServlet/"}       
           {[HTTP::version] eq "1.1" }       
       {       
          HTTP::respond HTTP::version 200 noserver        
          HTTP::header insert Allow: GET, HEAD, POST, TRACE, OPTIONS        
         }       
       }       
       

TIA, most appreciated

8 Replies

  •    
          
       when HTTP_REQUEST {          
          if {[HTTP::method] equals "OPTIONS" } {   
            log local0. "OPTIONS method detected"   
            if  {[HTTP::uri] equals "/storeWeb/authentication/AuthenticationServlet"} {   
                log local0. "uri equals /storeWeb/authentication/AuthenticationServlet!"   
                if {[HTTP::version] eq "1.1" } {          
                  log local0. "intercept response !"   
                 HTTP::respond 200            
                 HTTP::header insert Allow: GET, HEAD, POST, TRACE, OPTIONS           
                }          
              }     
          }   
       }    
       

    I added some logging that you can check in /var/log/ltm. If it works, remove the logging, since it uses more CPU (it's just for troubleshooting).

    P.S.: I couldn't test it, so if you get a syntax error, don't hesitate to post and I'll try to help.
  • Thanks for the response.

     curl -v -X OPTIONS http://xxx/storeWeb/authentication/AuthenticationServlet 
     * About to connect() to xxx port 80 
     *   Trying 10.0.0.26... connected 
     * Connected to xxx (10.0.0.26) port 80 
     > OPTIONS /storeWeb/authentication/AuthenticationServlet HTTP/1.1 
     > User-Agent: curl/7.15.3 (i686-redhat-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.7l zlib/1.1.4 
     > Host: xxx 
     > Accept: */* 
     >  
     < HTTP/1.0 200 OK 
     < Server: BigIP 
     * HTTP/1.0 connection set to keep alive! 
     < Connection: Keep-Alive 
     < Content-Length: 0 
     * Connection 0 to host xxx left intact 
     * Closing connection 0 
      

    Log shows the OPTIONS hit, a 200 OK, but not the HTTP::header insert:
    Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm tmm[1995]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected 
     Jan 16 13:03:51 tmm1 tmm1[1842]: Rule test_v1 : OPTIONS method detected

  • Once you issue an HTTP::respond, it's too late to insert any headers. Fortunately, the HTTP::respond command allows you to directly include headers. Try:

        HTTP::respond 200 "Allow" "GET, HEAD, POST, TRACE, OPTIONS"

    instead of the separate commands.
  • Hi,

    In your logging data I don't see the command log local0. "uri equals /storeWeb/authentication/AuthenticationServlet!" being triggered, nor log local0. "intercept response !"

    It means you don't enter the HTTP::respond Oo, but seeing your curl response it doesn't make sense ...

    Did you not insert those specific log commands?

    CharlesCS is right, I made a mistake on this; you should try his syntax.
  • Updated iRule per CharlesCS suggestion:
       when HTTP_REQUEST {            
            if {[HTTP::method] equals "OPTIONS" } {     
              log local0. "OPTIONS method detected"     
              if  {[HTTP::uri] equals "/xxx/authentication/AuthenticationServlet"} {     
                  log local0. "uri equals /xxx/authentication/AuthenticationServlet!"     
                  if {[HTTP::version] eq "1.1" } {            
                    log local0. "intercept response !"     
                   HTTP::respond 200 "Allow" "GET, HEAD, POST, TRACE, OPTIONS"             
                  }            
                }       
            }     
         }  

    And following CURL output:
     curl -v -X OPTIONS http://xxx/xxx/authentication/AuthenticationServlet  
      * About to connect() to xxx port 80  
      *   Trying 10.0.0.26... connected  
      * Connected to xxx (10.0.0.26) port 80  
      > OPTIONS /xxx/authentication/AuthenticationServlet HTTP/1.1  
      > User-Agent: curl/7.15.3 (i686-redhat-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.7l zlib/1.1.4  
      > Host: xxx  
      > Accept: */*  
      >   
      < HTTP/1.0 200 OK  
      < Allow: GET, HEAD, POST, TRACE, OPTIONS 
      < Server: BigIP  
      * HTTP/1.0 connection set to keep alive!  
      < Connection: Keep-Alive  
      < Content-Length: 0  
      * Connection 0 to host xxx left intact  
      * Closing connection 0  
       

  • You need to combine the HTTP::respond and header insert lines into the single line as noted above.
  • Noted. Thanks!

    So far so good!!!
     
     Jan 16 15:28:26 tmm1 tmm1[1842]: Rule test : OPTIONS method detected 
     Jan 16 15:28:26 tmm1 tmm1[1842]: Rule portal_worddoc_storeweb_test_v2 : OPTIONS method detected 
     Jan 16 15:28:26 tmm tmm[1995]: Rule test : OPTIONS method detected 
     Jan 16 15:28:26 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v2 : OPTIONS method detected 
     Jan 16 15:30:30 tmm tmm[1995]: Rule test : OPTIONS method detected 
     Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:30:30 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! 
     Jan 16 15:31:20 tmm tmm[1995]: Rule test : OPTIONS method detected 
     Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:31:20 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! 
     Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected 
     Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:32:39 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : uri equals /xxx/authentication/AuthenticationServlet! 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : intercept response ! 
     Jan 16 15:32:50 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected 
     Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:32:53 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response ! 
     Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_xxx_test_v1 : OPTIONS method detected 
     Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : OPTIONS method detected 
     Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : uri equals /storeWeb/authentication/AuthenticationServlet! 
     Jan 16 15:34:54 tmm tmm[1995]: Rule portal_worddoc_storeweb_test_v1 : intercept response !
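
Added example (not part of any post in the thread): a small Python check that parses the `<` response lines of `curl -v` output and compares them with the required response from the original post (status 200, the listed Allow methods, Content-Length 0). The function names are made up for this example, the sample transcripts are the response lines from the two curl runs in the thread, and the HTTP version is deliberately not checked.

```python
import re

# Required response from the original post: 200, this Allow list, empty body.
REQUIRED_ALLOW = {"GET", "HEAD", "POST", "TRACE", "OPTIONS"}

def parse_curl_response(transcript):
    """Return (status_code, headers) from the '<' lines of `curl -v` output."""
    status, headers = None, {}
    for line in transcript.splitlines():
        line = line.strip()
        if not line.startswith("<"):
            continue                      # skip '>' request lines and '*' notes
        text = line[1:].strip()
        m = re.match(r"HTTP/\d\.\d\s+(\d{3})", text)
        if m:
            status = int(m.group(1))
        elif ":" in text:
            name, value = text.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def check_options_response(transcript):
    """List the ways the response differs from the required one (empty = OK)."""
    status, headers = parse_curl_response(transcript)
    problems = []
    if status != 200:
        problems.append(f"status is {status}, expected 200")
    allow = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    missing = REQUIRED_ALLOW - allow
    if missing:
        problems.append("Allow is missing: " + ", ".join(sorted(missing)))
    if headers.get("content-length") != "0":
        problems.append("Content-Length is not 0")
    return problems

# Response lines copied from the two curl runs in the thread.
FIRST_RUN = ("< HTTP/1.0 200 OK\n< Server: BigIP\n"
             "< Connection: Keep-Alive\n< Content-Length: 0\n")
SECOND_RUN = ("< HTTP/1.0 200 OK\n< Allow: GET, HEAD, POST, TRACE, OPTIONS\n"
              "< Server: BigIP\n< Connection: Keep-Alive\n< Content-Length: 0\n")
ORIGINAL_401 = "< HTTP/1.1 401 Unauthorized\n"   # server response before the iRule

if __name__ == "__main__":
    for name, t in [("first", FIRST_RUN), ("second", SECOND_RUN), ("401", ORIGINAL_401)]:
        print(name, check_options_response(t) or "OK")
```

Piping live `curl -v -X OPTIONS ... 2>&1` output into `check_options_response` gives the same check against the virtual server after each iRule change.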