
cbrun_147363
Mar 13, 2014

Can I use iRules to pass login credentials to a web login page

Has anyone used iRules to pass login credentials to a web login page?

 

5 Replies

  • Of course, and this is actually something that the Access Policy Manager (APM) module does out-of-the-box without iRules. But in lieu of that, a form logon is almost always a POST method with payload, so how you submit that depends on how and when you collect the credentials and how and when you need to submit them. At a minimum, a form POST would look something like this:

    POST /login.php HTTP/1.1
    Host: www.thishost.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 25
    
    username=foo&password=bar
    

    Which could be converted to a single line to be sent to the server:

        POST /login.php HTTP/1.1\r\nHost: www.thishost.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 25\r\n\r\nusername=foo&password=bar
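
Added example, not part of the original thread and not F5 or iRule code: this Python illustration builds the raw form POST described in the reply above with a computed Content-Length and percent-encoded fields, then parses it back to confirm the length and values survive. The function names and the second credential pair are constructed for the example.

```python
from urllib.parse import urlencode, parse_qs

def build_form_post(host, path, fields):
    """Return the raw HTTP/1.1 bytes for a urlencoded form POST."""
    for value in (host, path):
        # CR/LF or a space here would split the request line or inject a header
        if any(ch in value for ch in "\r\n "):
            raise ValueError(f"illegal character in {value!r}")
    # urlencode percent-encodes &, =, + and non-ASCII; spaces become '+'
    body = urlencode(fields).encode("ascii")
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"  # length in bytes, never hard-coded
        "\r\n"
    ).encode("ascii")
    return head + body

def parse_form_post(raw):
    """Split a raw request as a server would and verify Content-Length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    if int(headers["Content-Length"]) != len(body):
        raise ValueError("Content-Length does not match body size")
    parsed = parse_qs(body.decode("ascii"), strict_parsing=True)
    fields = {name: values[0] for name, values in parsed.items()}
    return method, path, headers, fields

if __name__ == "__main__":
    # The request from the reply above, shown as the single-line form
    simple = build_form_post("www.thishost.com", "/login.php",
                             {"username": "foo", "password": "bar"})
    print(simple.decode("ascii").replace("\r\n", "\\r\\n"))
    # Constructed credentials with characters that break naive concatenation
    tricky = build_form_post("www.thishost.com", "/login.php",
                             {"username": "svc kiosk", "password": "p&ss=w0rd"})
    print(parse_form_post(tricky))
```
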
    
  • Thanks for the advice, Kevin. Unfortunately, I do not have the APM module, so I have to use an iRule. I've been looking in the iRule examples for something that would send the POST and cannot find it. Can you provide an example to work from? Thanks.

     

  • I've been looking in the iRule examples for something that would send the POST and cannot find it. Can you provide an example to work from?

     

    That's why I was specifically asking about the hows and whens. How and when you collect the credentials, and how and when you re-submit them dictates the implementation. For example, if you wanted to POST credentials through a sideband call, that would be relatively straightforward, and you could do it anywhere. You would create a raw POST request from scratch and then submit it through a sideband connection. But altering the "flow" of traffic through the proxy (in the absence of a sideband process) can get tricky. You could potentially need to first save the original request, and then completely rewrite it as it passes through the proxy. Is the incoming request from the client a GET or a POST? Are you posting these credentials in the same flow that the user is submitting them, or at some other time? How and when do you collect the user's credentials? How and when do you resubmit them?

     

  • The incoming request is from a POST, it is for a simple username and password. The intent here is to inject a generic username and password for the user so they do not have to sign in (security, nope!). Thus, I’m not collecting any credentials from the user.

     

    Here is the server POST:

     

    Username: Password:

     

    • Domel_163525

      Hey guys,

       

      I'm trying to get something very similar, if not exactly the same, configured and I was wondering if you could assist me.

       

      I haven't got the APM module, therefore I would need to use an LTM with an iRule to get it done.

       

      I have a generic account which I would like to use to log in to a website. What would the iRule look like to achieve this?