Forum Discussion

7 Replies

  • Hi Darren,

     

     

    You can check the request method using HTTP::method, get a list of the headers using 'HTTP::header names' and remove an HTTP header using 'HTTP::header remove'.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http

     

     

    Do you want to remove all HTTP headers from just GET requests? Or can you clarify?

     

     

    Thanks,

     

    Aaron
  • We have this one app behind the F5's the we need to remove Cache-Control and Pragma from on a certain set of GET requests. The vendor has also identified what we can search for on the uri for the removal.

     

     

    Vendor is sending an HTML doc with an XLS extension and they're forcing Cache-Control and Pragma to a point where it won't work over SSL to IE.
  • You can check the request method and URI in HTTP_REQUEST and then set a variable to track that you want to remove the Cache-Control and Pragma headers from the response. I'm not sure whether you only want to check GETs or POSTs, but here's an example which checks POSTs:

     
     when HTTP_REQUEST { 
      
        set remove_headers 0 
      
        if {[HTTP::path] contains "some/string"}{ 
      
           if {[HTTP::method] eq "POST"}{ 
      
              set remove_headers 1 
           } 
        } 
     } 
     when HTTP_RESPONSE { 
      
        if {$remove_headers}{ 
      
           HTTP::header remove Cache-Control 
           HTTP::header remove Pragma 
        } 
     } 
     

    Aaron
  • Thanks a bunch, that's (mostly) what I had going. I'm discovering how rusty my tcl is now...

     

     

    Perhaps you can answer, the paths the app has have been defined and there are several of them I need to evaluate. In Perl, I would have:

     

     

    my @paths = ('path1', 'path2', 'path3');

     

    foreach my $path (@paths) {

     

    do_something($path);

     

    }

     

     

    From what I've read tcl arrays are not what I'm used to in Perl. Any idea what tcl equivalent is to that type of operation?
  • If you want to check for multiple paths you can use a switch statement:

    http://www.tcl.tk/man/tcl8.4/TclCmd/switch.htm

     
     when HTTP_REQUEST { 
      
        set remove_headers 0 
      
         Check the requested path 
        switch -glob [HTTP::path] { 
           "/path1/*" - 
           "*/path2/" - 
           "*/path3/*" { 
              if {[HTTP::method] eq "POST"}{ 
      
                 set remove_headers 1 
              } 
           } 
        } 
     } 
     when HTTP_RESPONSE { 
      
        if {$remove_headers}{ 
      
           HTTP::header remove Cache-Control 
           HTTP::header remove Pragma 
        } 
     } 
     

    The -glob flag in combination with the * wildcard means the first check is if the path starts with /path1/, the second is if the path ends with /path2/ and the third is if the path contains /path3/.

    If you did want to do something to a set of strings, you could use a list and a foreach loop:

     
     set paths [list path1 path2 path3] 
     foreach path $paths { 
         do something 
     } 
     

    There are arrays in TCL if you want to use one:

    http://www.tcl.tk/man/tcl8.4/TclCmd/array.htm

    Aaron
  • Working perfectly now, thanks.

     

     

    Perhaps I should start a new thread for this, but I'll ask here first.

     

     

    Is there any way to detect the port of the member server that a request would be sent to? In this case, only members that are non SSL (port 80) should have the headers removed. If the member is SSL enabled we don't hit the problem with the app.

     

     

    At this point I would be happy with checking member port 80 vs. 443 to determine if it's an SSL back-end. Rather than actually connecting to the back-end to test that condition (like see if there's a cert installed, etc).
  • You can check the port in HTTP_RESPONSE using TCP::server_port:

     
      when HTTP_REQUEST {  
        
         set remove_headers 0  
        
          Check the requested path  
         switch -glob [HTTP::path] {  
            "/path1/*" -  
            "*/path2/" -  
            "*/path3/*" {  
               if {[HTTP::method] eq "POST"}{  
        
                  set remove_headers 1  
               }  
            }  
         }  
      }  
      when HTTP_RESPONSE {  
        
         if {$remove_headers && [TCP::server_port] != 443}{  
        
            HTTP::header remove Cache-Control  
            HTTP::header remove Pragma  
         }  
      }  
     

    You can use PROFILE::exists serverssl to check for a server SSL profile on the VIP, but I think this is a more expensive operation than checking the TCP port.

    Aaron