Forum Discussion

apara_5691's avatar
apara_5691
Icon for Nimbostratus rankNimbostratus
Jul 28, 2011

Bypass Authentication Form

Good morning!!     I want to bypass an authentication form with an iRule, this is simple with a redirection:     http://example.com/script?user=user&pass=pass     I'm using an LDA...
application delivery
dev
devops
iRules
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jul 28, 2011
I take it you're not concerned about the lack of security in the solution...

 

 

Basically you need to detect in the iRUle whether the request is for YOUR redirect, or for the user accessing the URI directly. There's a couple of way you could do that. You could

 

 

1. Detect the referrer and if the referrer was ourselves, don't redirect.

 

2. Detect the existence of the ?user=user&pass=pass parameters and don't redirect if the user is already supplying them

 

 

There's probably several other ways... Personally I'd use both... Just as abet and braces check... It's a direct login (The parameter check) AND we told the browser to doit (referrer check)...

 

 

I'd be wary of this approach though... You're leaking the user and password back to the user in the 302 redirect... Never a good idea... There's other ways to skin this cat if you really want automated login.

 

 

H

 

 

H