HTTP::release

Description¶

Releases the data collected via HTTP::collect. Unless a subsequent HTTP::collect command was issued, there is no need to use the HTTP::release command inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events, since (in these cases) the data is implicitly released.

It is important to note that these semantics are different than those of the TCP::collect and TCP::release commands. With TCP::collect, the event for processing the data (CLIENT_DATA) will fire without TCP::release being called, whereas with HTTP::collect, the event (HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA) will not fire without HTTP::release being called (at least implicitly).

Syntax¶

HTTP::release

HTTP::release ¶

Releases the collected data.

Examples¶

when CLIENT_ACCEPTED {
    set authinsck 0
    set forceauth 1
    set ckname BIGXAUTH
    set ckpass 1xxx5678
    set ckvalue [IP::client_addr]
    set ckdomain .y.z
    set asid [AUTH::start pam default_radius]
}
when HTTP_REQUEST {
    if {[HTTP::cookie exists $ckname]} {
        HTTP::cookie decrypt $ckname $ckpass 128
        if {[HTTP::cookie value $ckname] eq $ckvalue} {
            set forceauth 0
        }
        HTTP::cookie remove $ckname
    }
    if {$forceauth eq 1} {
        AUTH::username_credential $asid [HTTP::username]
        AUTH::password_credential $asid [HTTP::password]
        AUTH::authenticate $asid
        HTTP::collect
    }
}
when HTTP_RESPONSE {
    if {$authinsck eq 1} {
        HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
        HTTP::cookie secure $ckname enable
        HTTP::cookie encrypt $ckname $ckpass 128
    }
}
when AUTH_SUCCESS {
    if {$asid eq [AUTH::last_event_session_id]} {
        set authinsck 1
        HTTP::release
    }
}
when AUTH_FAILURE {
   if {$asid eq [AUTH::last_event_session_id]} {
       HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
   }
}
when AUTH_WANTCREDENTIAL {
   if {$asid eq [AUTH::last_event_session_id]} {
       HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
   }
}
when AUTH_ERROR {
   if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
   }
}

Related Information¶

Valid Events:

ALL_EVENTS, NAME_RESOLVED

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Block requests by reverse DNS record - Performs a reverse DNS lookup to validate client IP
Client Cert Request by URI with OCSP Checking - Request a client SSL certificate by URI and validate it using OCSP
Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x) - Request a client SSL certificate by URI and validate it using OCSP for v10.1 - 10.2.x
HTTP POST redirect preserving POST data - Use Javascript in an iRule to redirect HTTP POST requests to HTTPS
HTTP Payload Collection - iRule demonstrating the basic approach for collection and manipulation of HTTP payload data.
Microsoft Branch Cache Hash Offload - Hash Offload for Microsoft BranchCache
Reverse Proxy With Basic SSO - The iRule implements a authenticated HTTPS reverse proxy.

Introduced: BIGIP-9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

HTTP::release¶

Description¶

Syntax¶

HTTP::release¶

Examples¶

Related Information¶

HTTP::release ¶

HTTP::release ¶