Yossi_100626
Jan 01, 2015

Add basic authentication for specific page

Hi,

 

I would appreciate it if anyone could explain what I am doing wrong. I would like to protect a single specific page with basic authentication.

 

    when HTTP_REQUEST {
        if {[string tolower [HTTP::uri]] contains "somepage.jsp"} {
            event disable all
            return
        }
        binary scan [md5 [HTTP::password]] H* password
        if { [class lookup "[HTTP::username]" authorized_users] equals $password } {
            log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
        } else {
            if { [string length [HTTP::password]] != 0 } {
                log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
            }
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
        }
    }

 

10 Replies

  • you know event disable will disable the event on that connection, don't you? subsequent http requests on the connection will not trigger the irule.

     

  • Nitass, thanks for trying to help. My aim is for the authentication to kick in only if a specific page was requested. Do you have any suggestions on how to make this work?

    I made a small correction at the first stage:

    when HTTP_REQUEST {
        if {not [string tolower [HTTP::uri]] contains "somepage.jsp"} {
            event disable all
            return
        }

    My aim is for the following part to be executed only if the first part page was found

        binary scan [md5 [HTTP::password]] H* password
        if { [class lookup "[HTTP::username]" authorized_users] equals $password } {
            log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
        } else {
            if { [string length [HTTP::password]] != 0 } {
                log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
            }
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
        }
    }
    
  • My aim is for the authentication to kick in only if a specific page was requested.

     

    do you really need the event disable command? can you use only the return command (i.e. remove the event disable command)?

     

  • OK. Tried to remove it. I am getting (same as before): "Error code: ERR_CONNECTION_RESET" no matter what URL I am trying to access.

     

    When removing the iRule the site works as expected.

     

  • tried to remove it. I am getting (same as before): "Error code: ERR_CONNECTION_RESET" no matter what URL I am trying to access.

     

    have you checked /var/log/ltm? was there any error?

     

  • I see the following error message. Does this mean I cannot use a NOT statement with the URI value?

    Jan  1 16:00:01 ltm2 err tmm1[17789]: 01220001:3: TCL error: /Common/LimitConnection
     - can't use non-numeric string as operand of "!"  while executing "if {not [string tolower [HTTP::uri]] contains "somepage.jsp"}
    {      return }"
    
  • can you enclose it with parentheses?

    e.g.

    not ([string tolower [HTTP::uri]] contains "somepage.jsp")
    
  • Is this OK?

    Jan  1 16:00:01 ltm2 err tmm[17788]: 01220001:3: TCL error: /Common/LimitConnection
     - can't use non-numeric string as operand of "!"  while executing "if {not [string tolower [HTTP::uri]] contains "somepage.jsp"}
    {       return }"

    • nitass
      sorry to confuse. i mean the irule. :-) e.g. if {not ([string tolower [HTTP::uri]] contains "somepage.jsp")} { ... }
  • Hi Nitass,

    Thank you, it worked!:

    when HTTP_REQUEST {
        if {not ([string tolower [HTTP::uri]] contains "somepage.jsp")} {
            return
        }
        binary scan [md5 [HTTP::password]] H* password
        if { [class lookup "[HTTP::username]" authorized_users] equals $password } {
            log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
        } else {
            if { [string length [HTTP::password]] != 0 } {
                log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
            }
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
        }
    }
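
An added example, not code posted by anyone in the thread: a variant of the final iRule that decodes the URI before matching, so the gate does not depend on how the page name is percent-encoded, and that separates the first unauthenticated request from a failed login. It assumes the authorized_users data group maps each username to the lowercase hex MD5 of its password, as the thread's iRule implies; the variable names are illustrative.

```tcl
# Added example (not from the thread). Assumption: the authorized_users data
# group maps username -> lowercase hex MD5 of the password.
when HTTP_REQUEST {
    # HTTP::uri is the raw request URI, so decode and lowercase it before
    # matching; a percent-encoded spelling of the page name would otherwise
    # fail the "contains" test and skip authentication.
    set uri [string tolower [URI::decode [HTTP::uri]]]

    # "not" binds tighter than "contains", hence the parentheses.
    if { not ($uri contains "somepage.jsp") } {
        # Any other page: do nothing. "return" ends only this event run;
        # "event disable all" would also silence the iRule for every later
        # request on the same keep-alive connection.
        return
    }

    set user [HTTP::username]
    set pass [HTTP::password]

    # No Authorization header (or empty credentials): send the challenge
    # without logging a failure, since this is the client's first request.
    if { $user eq "" || $pass eq "" } {
        HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
        return
    }

    # Hash the supplied password the same way the data group stores it.
    binary scan [md5 $pass] H* supplied
    set stored [class lookup $user authorized_users]

    # An unknown user yields an empty lookup result and is rejected.
    if { $stored ne "" && $stored eq $supplied } {
        log local0. "User $user has been authorized to access virtual server [virtual name]"
        return
    }

    log local0. "User $user has been denied access to virtual server [virtual name]"
    HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
}
```

Basic credentials are only base64-encoded on the wire, so an iRule like this belongs on an HTTPS virtual server.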