Forum Discussion
david78
Nimbostratus
NimbostratusBasic-auth (401) without redirection to /my.policy
Hi,
We use our Bigip like a reverse-proxy with iRules "ProxyPass".
We are in v11
We need to authenticate our users with basic-auth method (HTTP code 401).
...
Hugo_Frauches_2
Cirrus
CirrusHello David,
I dont know if you still have this problem, but i manage to solve it with this iRule i get from DevCentral, you just need to use this iRule with the Normal Auth box on your Access policy.
Code
when HTTP_REQUEST {
set apmsessionid [HTTP::cookie value MRHSession]
if { [HTTP::cookie exists "MRHSession"] } {set apmstatus [ACCESS::session exists -state_allow $apmsessionid]} else {set apmstatus 0}
if { !($apmstatus)} {
if { [ string match -nocase {basic *} [HTTP::header Authorization] ] == 1 } {
set clientless(insert_mode) 1
set clientless(username) [ string tolower [HTTP::username] ]
set clientless(password) [HTTP::password]
binary scan [md5 "$clientless(password)"] H* clientless(hash)
set user_key "$clientless(username).$clientless(hash)"
set clientless(cookie_list) [ ACCESS::user getsid $user_key ]
if { [ llength $clientless(cookie_list) ] != 0 } {
set clientless(cookie) [ ACCESS::user getkey [ lindex $clientless(cookie_list) 0 ] ]
if { $clientless(cookie) != "" } {
HTTP::cookie insert name MRHSession value $clientless(cookie)
set clientless(insert_mode) 0
}
}
if { $clientless(insert_mode) } {
HTTP::header insert "clientless-mode" 1
HTTP::header insert "username" $clientless(username)
HTTP::header insert "password" $clientless(password)
}
unset clientless
} else {
HTTP::respond 401 noserver WWW-Authenticate "Basic realm=\"[HTTP::host] Authentication\"" Set-Cookie "MRHSession=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/" Connection close
return
}
}
}
when ACCESS_POLICY_COMPLETED {
if { ([ACCESS::policy result] equals "deny") } {
set host [ACCESS::session data get "session.network.name"]
ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$host Authentication\"" Connection close
ACCESS::session remove
}
}
