For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tny81's avatar
Tny81
Icon for Nimbostratus rankNimbostratus
Oct 26, 2020
Solved

401 unauthorized return if header doesn't match

Is there a way I can write an irule so when a GET request comes to a VS on a specific URL: https://abctest1234.com/general/api, if a header value does not match on multiple ClientID such as (ClientID: RealCategory, ClientID: TrueCategory, or ClientID: BlueCategory), we want to return a 401 unauthorize response back to the client?

iRules
LTM
security
  • Andrew-F5's avatar
    Andrew-F5
    Oct 29, 2020
    when HTTP_REQUEST {
	if { [[HTTP::host][HTTP::uri] eq "abctest1234.com/general/api"] && [[HTTP::header value "ClientID"] ne "RealCategory" || [HTTP::header value "ClientID"] ne "TrueCategory" || [HTTP::header value "ClientID"] ne "BlueCategory"]}{
		HTTP::respond 401
	} 
}

2 Replies

  • Andrew-F5's avatar
    Andrew-F5
    Icon for Employee rankEmployee
    Oct 29, 2020
    when HTTP_REQUEST {
	if { [[HTTP::host][HTTP::uri] eq "abctest1234.com/general/api"] && [[HTTP::header value "ClientID"] ne "RealCategory" || [HTTP::header value "ClientID"] ne "TrueCategory" || [HTTP::header value "ClientID"] ne "BlueCategory"]}{
		HTTP::respond 401
	} 
}
    • Tny81's avatar
      Tny81
      Icon for Nimbostratus rankNimbostratus
      Nov 02, 2020

      Thanks Andrew! This seems to work.