For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Yossi_100626's avatar
Yossi_100626
Icon for Nimbostratus rankNimbostratus
Jan 01, 2015

Add basic authentication for specific page

Hi,   Will appreciate if anyone could explain what am I doing wrong. I would like to protect a single specific page with basic authentication.   when HTTP_REQUEST { if {[string tolower [HTTP::u...
application delivery
devops
iRules
LTM
security
Yossi_100626's avatar
Yossi_100626
Icon for Nimbostratus rankNimbostratus
Jan 01, 2015

Nitass, thanks for trying to help. My aim is for the authentication to kick in only if a specific page was requested. Do you have any suggestions on how to make this work?

I made a small correction at the first stage:

when HTTP_REQUEST {
if {not [string tolower [HTTP::uri]] contains "somepage.jsp"} {
    event disable all
return
}

My aim if for the following part to be executed only if the first part page was found

binary scan [ md5 [HTTP::password]] H* password
if { [class lookup "[HTTP::username]" authorized_users] equals $password } {
log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
} else {
if { [string length [HTTP::password]] != 0 } {
log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
} 
HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
}
}