Created
September 28, 2018 11:31
-
-
Save billchurch/f5777b6b040cc1afbbce85ad9005ed09 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# fixup_apm_uri.irule | |
# bill church - bill@f5.com | |
# 20180928 - initial release | |
# | |
# If a URI length is equal or greater than 4095 bytes | |
# store in a variable, replace uri temporairly, before | |
# APM and re-inject stored URI after APM | |
# | |
# Optional "URIFixup" header for troubleshooting | |
# and debug can be removed. | |
# | |
# This issue is being tracked as RFE 421616 | |
when HTTP_REQUEST { | |
if {[HTTP::cookie exists "MRHSession"] && [string length [HTTP::uri]] >=4095} { | |
set uri [HTTP::uri] | |
HTTP::uri "/fakeuri/" | |
HTTP::header URIFixup "true" | |
} else { | |
HTTP::header URIFixup "false" | |
} | |
} | |
when HTTP_REQUEST_RELEASE { | |
if {[info exists uri]} {HTTP::uri $uri; unset uri} | |
} |
Possible entry in /var/log/apm which would indicate this may be an issue:
Sep 28 06:28:22 bigip-proxyssh warning tmm3[10553]: 01490519:4: /Common/uri-test:Common:00000000: Received user request URI length 4097 is longer than max supported length of 4096 bytes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There exists a known design limitation with F5 Access Policy Manager (APM) that rejects requests with an [HTTP::uri] length over 4095 bytes.
This iRule can mitigate that behavior for a Per Session policy, as long as the initial request (pre-authentication) is not a [HTTP::uri] over 4095 bytes.