Forum Discussion

Nimbostratus

Oct 26, 2020

401 unauthorized return if header doesn't match

Is there a way I can write an irule so when a GET request comes to a VS on a specific URL: https://abctest1234.com/general/api, if a header value does not match on multiple ClientID such as (ClientID: RealCategory, ClientID: TrueCategory, or ClientID: BlueCategory), we want to return a 401 unauthorize response back to the client?

when HTTP_REQUEST {
	if { [[HTTP::host][HTTP::uri] eq "abctest1234.com/general/api"] && [[HTTP::header value "ClientID"] ne "RealCategory" || [HTTP::header value "ClientID"] ne "TrueCategory" || [HTTP::header value "ClientID"] ne "BlueCategory"]}{
		HTTP::respond 401
	} 
}

Andrew-F5

Employee

Oct 29, 2020

when HTTP_REQUEST {
	if { [[HTTP::host][HTTP::uri] eq "abctest1234.com/general/api"] && [[HTTP::header value "ClientID"] ne "RealCategory" || [HTTP::header value "ClientID"] ne "TrueCategory" || [HTTP::header value "ClientID"] ne "BlueCategory"]}{
		HTTP::respond 401
	} 
}

Tny81
Nimbostratus
Nov 02, 2020
Thanks Andrew! This seems to work.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

401 unauthorized return if header doesn't match

Recent Discussions

VIP needed for many UDP ports

Creating Policy using Terraform

Unable to get Internet in server using SWG forward Proxy.

ASM don't block attack XSS

AWAF ADD-ON MODULE

Related Content

The return of DevCentral CodeShare.

https://{{host}}/mgmt/shared/telemetry/info returns 404

how do I detect the rst returned by the server?

Return default favicon.ico

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS