Forum Discussion

minow123_359638's avatar
minow123_359638
Icon for Nimbostratus rankNimbostratus
Dec 31, 2018

APM Web Portal Access URLs for iRules and SSO

Hey

 

I am trying to publish this post on devcenteral but getting an error that the post was identified as spam “Content has been identified as spam. If this is not the case, please contact devcentral@.”

 

This is the post’s details

 

hey

 

i am publishing an internal resource using APM. i need to configure SSO and non of the built-ins are suitable for me. i have checked and the application is submitting an HTTP Post to the "/api/account/login" when it starts up. i have configured an iRule that will replace the payload of the JSON and populate it with the username and password of the user. the question is how can i make this iRule only runs on request to the specifix resource. this is the iRule code i am using however i could only match on the specific PATH.

 

 Collect a request payload
when HTTP_REQUEST {
    
    if {"[HTTP::host][HTTP::path]" eq "/api/account/login"}{
        if {[HTTP::method] eq "POST"}{
             Trigger collection for up to 1MB of data
            if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
                set content_length [HTTP::header "Content-Length"]
            } else {
                set content_length 1048576
            }
             Check if $content_length is not set to 0
            if { $content_length > 0} {
                HTTP::collect $content_length
            }
        }
    }
}
when HTTP_REQUEST_DATA {
   do stuff with the payload
    set newPayload [HTTP::payload]
    log local0. $newPayload
    set username [ACCESS::session data get "session.custom.username"]
    set password [ACCESS::session data get "session.custom.password"]
    set search1 \"username\":\"\"
    set replace1 \"username\":\"$username\"
    set search2 \"password\":\"\"
    set replace2 \"password\":\"$password\"
    set newPayload [string map [list $search1 $replace1 $search2 $replace2] $newPayload]
    HTTP::payload replace 0 $content_length $newPayload
    log local0. [HTTP::payload]
}

the HTTP::host parameter is "https://domain.com/f5-w-687474703a2f2f3137322e31392e34372e3430$$/app//login" is the "f5-w-687474703a2f2f3137322e31392e34372e3430$$" string is a static one for an application ? can i use it to verify that the request is for the backend application ?

 

application delivery
BIG-IP Access Policy Manager (APM)
iRules
security
  • Rico's avatar
    Rico
    Icon for Cirrus rankCirrus
    Dec 31, 2018

    minow,

     

    This iRule code has a small error.

     

    if {"[HTTP::host][HTTP::path]" eq "/api/account/login"}{

    This piece of code is trying to match the host and path to just the path. I would suggest changing it to this.

     

    if {[HTTP::path] eq "/api/account/login"}{

    Other than that error, the code seems to work fine for me. If you have 'f5-w-687474703a2f2f3137322e31392e34372e3430$$' set up as a static route, you should be able to use that to trigger your iRule, or if it is a dynamic path name, you could use 'contains' instead of 'eq' to trigger a conditional.

     

    Let me know if you have any other questions.