Faaiz_28768
Feb 14, 2011

BIGIP-LTM-Version-9.4.8:irule to extract username from HTTP request

I am running a Virtual Server having 5 pool members (Oracle Application Server using HTTP) in round robin fashion.

Currently, I am logging the clients that hit my virtual server using an iRule. I want to extract and log the usernames that come from that client IP and hit my virtual server.

I have tried the following but was unsuccessful.

when HTTP_REQUEST {
    log local0. "HTTP User/Pass: [HTTP::username] [HTTP::password]"
}

Immediate assistance will be highly appreciated.

  • Are you not seeing anything logged, or is it incorrect info? Also, is OAS using basic auth?
  • Dear Chris,

    Thanks for your reply. Yes, whenever I enter the virtual server IP, it does show me the following output by running (tail -f /var/log/ltm)

    HTTP User/Pass:

    HTTP User/Pass:

    Please clarify basic auth?

    User logins are integrated with the LDAP server. The same username is used to access the domain and for using the application server.

  • Posted By Faaiz on 02/14/2011 08:24 PM

    Dear Chris,

    Thanks for your reply. Yes, whenever I enter the virtual server IP, it does show me the following output by running (tail -f /var/log/ltm)

    HTTP User/Pass:

    HTTP User/Pass:

    Please clarify basic auth?

    User logins are integrated with the LDAP server. The same username is used to access the domain and for using the application server.

    According to the wiki page, HTTP::username works for basic auth

    http://devcentral.f5.com/wiki/defau...rname.html

    I'm not sure whether your LDAP server is using basic, SASL, or something else.

  • If the application prompts the user to send the credentials in a POST request, you'd need to inspect the HTTP request payload--not the HTTP Authorization header value (like HTTP::username and HTTP::password do). If you just want to log the username and password, you could use a stream profile and STREAM::expression based iRule. Here's an example that is probably more involved than you need:

    http://devcentral.f5.com/wiki/default.aspx/iRules/parse_username_from_http_requests_rule.html

    If you want help adapting that to your scenario, can you provide a sample request with anonymized credentials? Can you also confirm the LTM version you're using?

    You can get a sample request using HttpFox for Firefox or Fiddler2.

    Aaron
  • Dear hoolie,

    Thanks for the link. I visited this link (http://devcentral.f5.com/wiki/default.aspx/iRules/parse_username_from_http_requests_rule.html ) earlier. Upon your referring, I revisited it and got a few hints that helped me to resolve my issue.

    Yes, the application prompts for the username, and I did exactly as you highlighted and got the solution. Following is my iRule:

    when HTTP_REQUEST {
        if { [HTTP::method] eq "POST" && ([HTTP::payload] contains "j_username") } {
            log local0. "HTTP User/Pass: [HTTP::payload] FROM {Client IP:[IP::client_addr]} "
        }
    }

    Thanks to Chris as well.

  • Calling HTTP::payload in HTTP_REQUEST will return any of the HTTP payload that was included in the packet(s) which contain the HTTP headers. It's not guaranteed to return any or all of the payload unless you explicitly tell TMM to collect the payload with HTTP::collect and call HTTP::payload in HTTP_REQUEST_DATA.

    If that works for your testing, it would be simpler to use than a stream filter and STREAM::expression based iRule. But if you want a guarantee, you could use the stream filter or HTTP::collect/HTTP::payload.

    Aaron
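
The HTTP::collect / HTTP_REQUEST_DATA approach described in the last reply, as an added example that is not part of the original thread or any poster's code. It assumes the login form posts application/x-www-form-urlencoded data with the j_username field seen in the thread's iRule; the 1 MB collection cap is an assumed value, and only the username and client IP are written to the log.

```tcl
# Added example, not from the thread. Assumes a form-urlencoded login POST
# carrying a field named j_username (the name used in the thread's iRule).
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
        # Assumed cap on buffered bytes so a large upload is not held in memory.
        set max_collect 1048576
        set clen [HTTP::header "Content-Length"]
        # Requests without a usable Content-Length are skipped, not collected.
        if { [string is integer -strict $clen] && $clen > 0 } {
            if { $clen > $max_collect } {
                set clen $max_collect
            }
            # Buffer the body; HTTP_REQUEST_DATA fires once $clen bytes arrive.
            HTTP::collect $clen
        }
    }
}

when HTTP_REQUEST_DATA {
    # The collected payload is complete here, however it was split across packets.
    foreach pair [split [HTTP::payload] "&"] {
        set kv [split $pair "="]
        # Match the parameter name exactly, not as a substring of the body.
        if { [lindex $kv 0] eq "j_username" } {
            set user [URI::decode [lindex $kv 1]]
            # Replace non-printable characters so the value cannot forge log lines.
            regsub -all {[^[:print:]]} $user "?" user
            # Log the username and client IP only; j_password stays out of the log.
            log local0. "HTTP User: $user FROM Client IP: [IP::client_addr]"
            break
        }
    }
}
```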