Forum Discussion

tdaish's avatar
tdaish
Icon for Altostratus rankAltostratus
Aug 15, 2023

APM AdAuth HTTP Header Insert iRule Switch Statement

Hi folks, first forum post here, looking for a hand with iRules!  Currently when a user connects from their PC to the Virtual Server, as part of the Access Policy they are presented with an Logon Pa...
application delivery
  • PeteWhite's avatar
    PeteWhite
    Aug 17, 2023

    As Jason said, there are many ways to do this and your method looks fine.  But note your typo in IP::client_addr. And it is good practise to use -- to terminate switch options.

    You could also do this by checking whether the header already exists

    when ACCESS_ACL_ALLOWED
{
     if { ! [HTTP::header exists iv-user] } {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}

     

  • tdaish's avatar
    tdaish
    Aug 21, 2023

    Doh! My bad, thanks for that. I did find that the F5 does not like:

    // do nothing

     within those braces, so I have omitted the contents and left it as:

    when ACCESS_ACL_ALLOWED
{
     switch -- [IP::client_addr] {
          "10.0.0.1" -
          "10.0.0.2" {}
     default {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}

    This should be okay right?

PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Aug 17, 2023

As Jason said, there are many ways to do this and your method looks fine.  But note your typo in IP::client_addr. And it is good practise to use -- to terminate switch options.

You could also do this by checking whether the header already exists

when ACCESS_ACL_ALLOWED
{
     if { ! [HTTP::header exists iv-user] } {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}

 

  • tdaish's avatar
    tdaish
    Icon for Altostratus rankAltostratus
    Aug 18, 2023

    Thanks for the response! Yes, that was me fat fingering it here, code I've written up/exists currently does not have that typo. So to clarify your comment on switch termination, it would be as follows then:

    when ACCESS_ACL_ALLOWED
{
     switch [IP::client_addr]{
          "10.0.0.1" -
          "10.0.0.2" -- { //do nothing }
     default {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}

    I like that code you have provided for checking existing headers, really appreciate the options here.

    • PeteWhite's avatar
      PeteWhite
      Icon for Employee rankEmployee
      Aug 18, 2023

      Hiya, when I mentioned the switch termination i meant this ie the -- after the switch command

      when ACCESS_ACL_ALLOWED
{
     switch -- [IP::client_addr] {
          "10.0.0.1" -
          "10.0.0.2" { //do nothing }
     default {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}
      • tdaish's avatar
        tdaish
        Icon for Altostratus rankAltostratus
        Aug 21, 2023

        Doh! My bad, thanks for that. I did find that the F5 does not like:

        // do nothing

         within those braces, so I have omitted the contents and left it as:

        when ACCESS_ACL_ALLOWED
{
     switch -- [IP::client_addr] {
          "10.0.0.1" -
          "10.0.0.2" {}
     default {
          HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] }
     }
}

        This should be okay right?