For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smilanko_261688's avatar
smilanko_261688
Icon for Cirrus rankCirrus
Jul 07, 2016

Attempting to incorporate IRule basic auth with an access policy

Here is my scenario: Some webservice clients might hit a particular url. For the purpose of this question, lets say that is www.example.com/webserviceOne/one When they hit this, Basic Authenticat...
BIG-IP Access Policy Manager (APM)
devops
iRules
security
smilanko_261688's avatar
smilanko_261688
Icon for Cirrus rankCirrus
Jul 07, 2016

I solved my problem by using

when ACCESS_SESSION_STARTED

instead of

when HTTP_REQUEST

My IRule looks like this:

when ACCESS_SESSION_STARTED {

    if {[HTTP::username] eq "" || [HTTP::password] eq ""} {
        ACCESS::respond 401 WWW-Authenticate "Basic realm=\"EXAMPLE\""
        return
    } else {
        ACCESS::session data set "session.logon.last.username" [HTTP::username]
        ACCESS::session data set "session.logon.last.password" [HTTP::password]
    }

}