Unfortunately, that doesn't seem to do the trick. After my call to HTTP::collect, execution of the event handler continues on, and it "slips" into the rest of the iRule, which forces the user to authenticate if they're not from a .gov or .mil address. However, if it worked as planned, it'd block until the name resolved to blah.mil, then it'd know it should skip authentication.
Here's a chronologically accurate copy from my log file, with notes.
In the code, I do this:
if { $::DEBUG } { log local0. "before lookup..." }
HTTP::collect
NAME::lookup $::clientIP
if { $::DEBUG } { log local0. "after lookup..." }
and thus there are log messages in the NAME_RESOLVED event that should come in between "before lookup..." and "after lookup...", but you'll see below that "before lookup..." and "after lookup..." are right next to each other in the log:
**** original request is sent:
: Request for home.dcma.mil/
: Checking to see if this request is coming form a DoD client address - performing reverse-lookup on xxx.xxx.xxx.xxx (xx'ed out for security).
: before lookup...
**** the following code should execute AFTER the NAME_RESOLVED event releases the HTTP collect, but it's executing immediately (it seems HTTP collect doesn't do anything)!!! ****
: after lookup...
: User not recognized as being DCMA, DOD, or AUTHED...setting to EXT and mustauth to 1.
*** Next, here's the NAME_RESOLVED event firing - too late!!! ****
: Client IP (xxx.xxx.xxx.xxx) resolved to hostname (www.test.mil)
: This is a DoD client (.mil or .gov) address.
**** Unfortunately, the authentication prompt is going to be shown next ****
: Failed authentication (AUTH::status=2)
**** However, subsequent requests all are recognized as DOD (thru use of cookies), but it's just that first one that won't wait quite long enough for the NAME_RESOLVED event to fire... ***
: Request for home.dcma.mil/templates/dcmastyle.css
: clientType: DOD
: URI is not protected for DoD users, no need to authenticate.
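
An added Python model of the event ordering shown in the log above; it is not part of the original post and not F5 code. It assumes each event handler runs to completion and that the lookup only queues NAME_RESOLVED; all function and variable names are hypothetical, and the early-return variant shows the ordering in this model only, not a confirmed iRule fix.

```python
from collections import deque

def run(handler_returns_after_lookup, ptr_name="www.test.mil"):
    """Simplified run-to-completion event loop (assumed model, not F5 code).
    ptr_name is a constructed sample value matching the hostname in the log."""
    log, queue = [], deque()
    state = {"held": False, "must_auth": None}

    def decide(hostname):
        # Decision from the post: .mil/.gov clients skip authentication.
        dod = hostname is not None and hostname.endswith((".mil", ".gov"))
        state["must_auth"] = not dod
        log.append("DoD client, skip auth" if dod else "setting mustauth to 1")

    def name_lookup():
        # Asynchronous: only schedules NAME_RESOLVED and returns at once.
        queue.append(name_resolved)

    def http_request():
        log.append("before lookup...")
        state["held"] = True           # stands in for HTTP::collect
        name_lookup()                  # stands in for NAME::lookup
        if handler_returns_after_lookup:
            return                     # leave the decision to name_resolved
        log.append("after lookup...")
        decide(None)                   # falls through with no hostname yet

    def name_resolved():
        log.append(f"resolved to {ptr_name}")
        if state["must_auth"] is None:
            decide(ptr_name)           # decision made only once the name is known
        state["held"] = False          # stands in for releasing the held request

    queue.append(http_request)
    while queue:
        queue.popleft()()              # each handler runs to completion in turn
    return log, state["must_auth"]

if __name__ == "__main__":
    for early_return in (False, True):
        print(early_return, *run(early_return), sep="\n  ")
```

Independently of the ordering, a PTR record is set by whoever controls the address block, so a check like this would normally forward-confirm the returned name before treating the client as trusted.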