Forum Discussion
APM AdAuth HTTP Header Insert iRule Switch Statement
- Aug 17, 2023
As Jason said, there are many ways to do this and your method looks fine. But note your typo in IP::client_addr. And it is good practise to use -- to terminate switch options.
You could also do this by checking whether the header already exists
when ACCESS_ACL_ALLOWED { if { ! [HTTP::header exists iv-user] } { HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] } } }
- Aug 21, 2023
Doh! My bad, thanks for that. I did find that the F5 does not like:
// do nothing
within those braces, so I have omitted the contents and left it as:
when ACCESS_ACL_ALLOWED { switch -- [IP::client_addr] { "10.0.0.1" - "10.0.0.2" {} default { HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] } } }
This should be okay right?
Hi tdaish, thanks for the question! The switch will work just fine, and sets you up for more client IPs should that be necessary. You could back off to a "not matches_glob" if/else if you wanted to, or progress to a data-group and class statement if exceptions start to hit 20+, but what you have here is sufficient.
- tdaishAug 18, 2023Altostratus
Thanks for your response! I like this option, something to consider for sure, might combine that with what PeteWhite submitted, to check against inserted headers and source addresses. We only expect to use two IPs, but there is potential for more. I don't think it will ever reach anywhere near 20! Appreciate your help. 🙂
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com