Forum Discussion

jdam_41848's avatar
jdam_41848
Icon for Altocumulus rankAltocumulus
Dec 18, 2014

nested if iRule

Hi, I am trying to develop an iRule that will flow through several conditions, breaking out as soon as a condition is false to make it efficient. It doesn't seem to be working but not sure why.

 

Here is what I have -

 

priority 150 when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { if { [HTTP::uri] contains "/URI-In-Question/" } { HTTP::collect 100} if { !([HTTP::payload 100] contains "keyword")}{ reject}

 

} }

 

So the goal here is to test if the request is a POST and if not, stop processing. If the request is a POST, then check to match the URI. If the URI doesn't match, stop processing. If the URI matches then grab the first 100 bytes of the POST payload and evaluate that payload for a keyword, if the keyword is not present in that first 100 bytes of payload, then reject the request, otherwise process the request.

 

The behavior I am seeing is very inconsistent and not what I am trying to achieve. I know I need to add some error checking and all that around content length but the basic rule isn't working yet.

 

Any thoughts or suggestions?

 

Thanks in advance.

 

application delivery
devops
iRules
LTM

2 Replies

Sort By
  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Dec 18, 2014

    I would recommend joining the first two if conditions and then follow the code at this site as an example of how to grab the request payload. Then in the http request data event you cam check the payload and reject if necessary.

     

    I can't write the code for you at the moment though I can help with that in a little while. But that link should at least point you in the right direction.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 21, 2014

    can you try something like this?

    [root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::method] equals "POST" } {
    if { [HTTP::uri] contains "/URI-In-Question/" } {
      HTTP::collect 100
    } else {
       Stop processing
      return
    }
  } else {
     Stop processing
    return
  }
}
when HTTP_REQUEST_DATA {
  if { not ([HTTP::payload 100] contains "keyword") } {
     Reject
    reject
  }
}
}