F5 iRules: HTTP Request and Response Logging with HSL
This F5 iRules script configures logging of HTTP requests and responses, including content length, headers, and status code. It also utilizes HSL (High-speed Logging) for sending log data to a specified pool.
Initialization
when RULE_INIT {
    # Maximum number of payload bytes to collect
    set static::max_collect_len 4999
    # HSL pool name
    set static::hsl_pool "my_hsl_udp_pool"
}
This section initializes the rule by setting a maximum data collection length and defining the name of the HSL pool ('my_hsl_udp_pool').
HTTP Request Handling
when HTTP_REQUEST {
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 0
    }
    # content_length of 0 indicates chunked data (of unknown size)
    if { $content_length > 0 && $content_length < 1048577 } {
        set collect_length $content_length
    } else {
        set collect_length 1048576
    }
    log local0.info "Content Length: $content_length Collect length: $collect_length"
    if { $collect_length > 0 } {
        HTTP::collect $collect_length
    }
    # Kept in connection scope so HTTP_RESPONSE can reuse it
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        log local0. "Request: $aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="
    LB::context_id chongqingbank
}
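This section handles incoming HTTP requests. It checks for the Content-Length header and sets the data collection length from its value, falling back to 1048576 bytes when the header is missing or its value is 0 or larger than that limit. The code logs information about the request, including client IP and port, host and URI, and all request headers. Because every header is written to the local log, values such as Authorization and Cookie are recorded in clear text.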
HTTP Response Handling
when HTTP_RESPONSE {
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 0
    }
    # content_length of 0 indicates chunked data (of unknown size)
    if { $content_length > 0 && $content_length < 1048577 } {
        set collect_length $content_length
    } else {
        set collect_length 1048576
    }
    log local0.info "Content Length: $content_length Collect length: $collect_length"
    if { $collect_length > 0 } {
        HTTP::collect $collect_length
    }
    # Open a handle to the HSL pool from RULE_INIT (UDP assumed from the pool name)
    set hexin [HSL::open -proto UDP -pool $static::hsl_pool]
    log local0. "============================================="
    log local0. "$LogString (response) - status: [HTTP::status]"
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
        # Send each response header to the HSL pool as well
        HSL::send $hexin "Response $aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="
    LB::context_id chongqingbank
}
This section handles HTTP responses. It performs the same steps as the request handling section, logging the status code and response headers. Additionally, it uses the HSL::send command to forward response header lines to the HSL pool defined in the initialization section.
Note: The commented sections are likely remnants from a previous version of the iRules and are not currently in use. These sections potentially handled processing of the request and response data and sending them to Logstash, a common tool for log aggregation and analysis.
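HTTP::collect only buffers the body; the buffered bytes are delivered in the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events, which the script above does not define. The following handlers are an added example, not code from the original script, showing one way to forward the collected bodies over HSL; the variable names hsl, total and body and the choice of UDP (inferred from the pool name) are assumptions.

```tcl
# Added example: relies on the RULE_INIT, HTTP_REQUEST and HTTP_RESPONSE blocks above
# (static::max_collect_len, static::hsl_pool, LogString and the HTTP::collect calls).
when CLIENT_ACCEPTED {
    # One HSL handle per client connection, reused by both DATA events.
    # "hsl" is a name chosen for this example; UDP is assumed from the pool name.
    set hsl [HSL::open -proto UDP -pool $static::hsl_pool]
}

# Fires once the byte count passed to HTTP::collect in HTTP_REQUEST has arrived
when HTTP_REQUEST_DATA {
    set total [HTTP::payload length]
    # Forward at most max_collect_len bytes, even if up to 1 MB was collected
    set body [HTTP::payload $static::max_collect_len]
    # Keep each record on one line so a body cannot inject extra log entries
    regsub -all {[\r\n]+} $body " " body
    HSL::send $hsl "$LogString (request body, $total bytes collected): $body\n"
    # Hand the buffered request back to the proxy
    HTTP::release
}

# Fires once the byte count passed to HTTP::collect in HTTP_RESPONSE has arrived
when HTTP_RESPONSE_DATA {
    set total [HTTP::payload length]
    set body [HTTP::payload $static::max_collect_len]
    regsub -all {[\r\n]+} $body " " body
    HSL::send $hsl "$LogString (response body, $total bytes collected): $body\n"
    # Hand the buffered response back to the proxy
    HTTP::release
}
```

Request and response bodies can carry credentials and personal data, so the HSL pool members receiving these records need the same access controls as the application itself.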
This iRules script provides a robust mechanism for logging HTTP traffic, which can be valuable for monitoring, debugging, and security analysis.
Original source: https://www.cveoy.top/t/topic/qhMf. Copyright belongs to the author. Do not reproduce or scrape.