Forum Discussion
tdaish
Altostratus
AltostratusAPM AdAuth HTTP Header Insert iRule Switch Statement
Hi folks, first forum post here, looking for a hand with iRules! Currently when a user connects from their PC to the Virtual Server, as part of the Access Policy they are presented with an Logon Pa...
As Jason said, there are many ways to do this and your method looks fine. But note your typo in IP::client_addr. And it is good practise to use -- to terminate switch options.
You could also do this by checking whether the header already exists
when ACCESS_ACL_ALLOWED { if { ! [HTTP::header exists iv-user] } { HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] } } }Doh! My bad, thanks for that. I did find that the F5 does not like:
// do nothingwithin those braces, so I have omitted the contents and left it as:
when ACCESS_ACL_ALLOWED { switch -- [IP::client_addr] { "10.0.0.1" - "10.0.0.2" {} default { HTTP::header insert "iv-user" [ACCESS::session data get "session.logon.last.username"] } } }This should be okay right?
JRahm
Admin
AdminHi tdaish, thanks for the question! The switch will work just fine, and sets you up for more client IPs should that be necessary. You could back off to a "not matches_glob" if/else if you wanted to, or progress to a data-group and class statement if exceptions start to hit 20+, but what you have here is sufficient.
tdaishAltostratus
AltostratusThanks for your response! I like this option, something to consider for sure, might combine that with what PeteWhite submitted, to check against inserted headers and source addresses. We only expect to use two IPs, but there is potential for more. I don't think it will ever reach anywhere near 20! Appreciate your help. 🙂