AltostratusHi gurus,
I want to use BIG-IP Virtual Server (with HTTP profile) and capture full HTTP request and response. Can I do that? We can not debug on the Client and the real Server. Thanks
Phong
MVP
CirrostratusHello,
In fact you can use tcpdump but there is 2 problem with tcpdump :
1) If it is HTTPS, you will be forced to decrypted the traffic otherwise you will not view the request and response in clear text. 2) The second problem is that you must launched manually each time you want to capture traffic
My suggestion is to use irule to log all request and response header. This requires to have a VS with HTTP profile (Layer 7 VS "Standard").
You have to add an irule that will look like this one
Code
when HTTP_REQUEST {
set request "Client IP : [IP::client_addr] Host: [HTTP::host] [HTTP::method] [HTTP::uri]"
}
when HTTP_RESPONSE {
set response "Status: [HTTP::status] Content-Type: [HTTP::header "Content-Type"] Content-Length: [HTTP::header "Content-Length"] "
log local0. "Request --> $request Response --> $response"
}I think that you can find many example of more complete "debug-irule" or you can adapt it to your need
Hope that this helps
AltostratusHi all,
 
I can use HTTP::collect & HTTP::payload to get full content https://clouddocs.f5.com/api/irules/HTTP__collect.html
 
But when I write to log by "log local0. "$payload". It's not enough content
 
May I write the $payload to a file on big-ip?
 
Thanks
 
Phong
 
NimbostratusTo capture request POST you can try this.
when HTTP_REQUEST {
if { [HTTP::method] equals "POST" } {
catch { HTTP::collect [HTTP::header Content-Length] }
}
}
when HTTP_REQUEST_DATA {
log local0. "[HTTP::payload]"
}
But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
AltostratusThank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
CumulonimbusTo capture request POST you can try this.
when HTTP_REQUEST {
if { [HTTP::method] equals "POST" } {
catch { HTTP::collect [HTTP::header Content-Length] }
}
}
when HTTP_REQUEST_DATA {
log local0. "[HTTP::payload]"
}
But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
AltostratusThank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
NimbostratusHI you can use irule example
code
when HTTP_REQUEST {
set REQUEST_RECEIVE [clock clicks -milliseconds]
set uri [HTTP::uri]
set clientip [IP::client_addr]
set clientport [TCP::client_port]
}
when HTTP_RESPONSE {
set RESPONSE_RECEIVE [expr {[clock clicks -milliseconds] - $REQUEST_RECEIVE}]
log local0. "Server response took longer than ms: $RESPONSE_RECEIVE . TCP connection from [IP::client_addr]:[TCP::client_port] to [LB::server addr]:[LB::server port].Requested URI is ${uri}"
}How about this:
when HTTP_REQUEST {
if {[HTTP::method] eq "POST"}{
if {[HTTP::header "Content-Length"] ne "" {
HTTP::collect [HTTP::header Content-Length]
} else {
HTTP::collect 20000
}
}
}
when HTTP_REQUEST_DATA {
log local0. "payload is [HTTP::payload]"
}