Forum Discussion

okmokmz's avatar
okmokmz
Icon for Nimbostratus rankNimbostratus
Jun 04, 2019

Unable to consistently send resets with irule using documented methods

I need to create an irule that looks for the string "error" in the HTTP response, and if it is found sends a reset back to the client rather than the response with "error" that was analyzed by the F5. Based on the irule documentation I thought it would work using the -reset flag during an http::respond, but despite our f5 version supposedly supporting it an error appears in the LTM log when the -reset flag is set and it does not function properly. When I used reject, it does sometimes send a reset as the response, but not always as expected. I can confirm that the if statements are being utilized do to the log entries, but non of the documented irule solutions to send a reset seem to work as described in the documentation. Also, now with this redesign of devcentral, it is significantly more difficult to use this site and find any relevant info or documentation about the topic. Does anyone know of a way to consistently get this reset to be sent when "error" is found in the response? Unrelated, but I also found that there is a limit of the amount you are able to post in devcentral questions, however it does not limit you from entering as much as you want in the question text field and the error you get is just a generic "please contact sysadmin error" so you have to figure that out yourself; seems like a lot about this site is broken, particularly after the new redesign.

  • The comment above includes some of the irules I have tried

  • when HTTP_RESPONSE {

       log local0. "TEST1"

                  if { [HTTP::status] != 200 } {

                     log local0. "TEST2"

                                 HTTP::respond 404 -reset

                                 TCP::close

                  }

                  elseif { [HTTP::payload] contains "error" } {

                     log local0. "TEST3"

                                 HTTP::respond 404 -reset

                                 TCP::close

                  }

                  else {

           log local0. "TEST4"

                  }

    }

     

    -------------------------------------------------

     

    when HTTP_RESPONSE {

       log local0. "TEST1"

                  if { [HTTP::status] != 200 } {

                     log local0. "TEST2"

                                 HTTP::respond 404

                                 TCP::close

                  }

                  elseif { [HTTP::payload] contains "error" } {

                     log local0. "TEST3"

                                 HTTP::respond 404

                                 TCP::close

                  }

                  else {

           log local0. "TEST4"

                  }

    }

     

    -------------------------------------------------

     

    when HTTP_RESPONSE {

       log local0. "TEST1"

                  if { [HTTP::status] != 200 } {

                     log local0. "TEST2"

                                 reject

                  }

                  elseif { [HTTP::payload] contains "error" } {

                     log local0. "TEST3"

                                 reject

                  }

                  else {

           log local0. "TEST4"

                  }

    }

     

    ---------------------------------------------------------

     

    when HTTP_RESPONSE {

       log local0. "TEST1"

                  if { [HTTP::status] != 200 } {

                     log local0. "TEST2"

                                 HTTP::respond 404 -reset

                  }

                  elseif { [HTTP::payload] contains "error" } {

                     log local0. "TEST3"

                                 HTTP::respond 404 -reset

                  }

                  else {

           log local0. "TEST4"

                  }

    }

     

    --------------------------------------------------------

     

    when HTTP_RESPONSE {

       log local0. "TEST1"

                  if { [HTTP::status] != 200 } {

                     log local0. "TEST2"

                                 HTTP::respond -reset 404

                                 TCP::close

                  }

                  elseif { [HTTP::payload] contains "error" } {

                     log local0. "TEST3"

                                 HTTP::respond -reset 404

                                 TCP::close

                  }

                  else {

           log local0. "TEST4"

                  }

    }

     

    ---------------------------------------------------------

     

    when HTTP_RESPONSE {

       if { [HTTP::payload] contains "error" } {

           HTTP::collect [HTTP::header Content-Length]

       }

    }

     

    when HTTP_RESPONSE_DATA {

       HTTP::respond 404 -reset

    }

     

    -------------------------------------------------------------

     

    when HTTP_RESPONSE {

       if { [HTTP::payload] contains "error" } {

           HTTP::collect [HTTP::header Content-Length]

       }

    }

     

    when HTTP_RESPONSE_DATA {

       HTTP::respond -reset 404

    }

     

    ---------------------------------------------------------------

     

    when HTTP_RESPONSE {

       if { [HTTP::payload] contains "error" } {

           HTTP::collect [HTTP::header Content-Length]

       }

    }

     

    when HTTP_RESPONSE_DATA {

       HTTP::respond 404

    }