Forum Discussion

Cirrus

Dec 10, 2015

Check Authorization / WWW-Authenticate headers

Hi. I am trying to make sure that the user what is trying to/has authenticated to a site w/ Basic Auth matches a user in a list. However, I cannot force the server to prompt if the user/pass is not a...

application delivery

BIG-IP Access Policy Manager (APM)

iRules

Stanislas_Piro2

Cumulonimbus

Dec 11, 2015

OK,

Tell me if I am wrong:

you have a list of authorized users: userlist
if a user try to authenticate with a user in the userlist, he will be able to authenticate to backend server
if the user is not in the userlist, he will receive a block page from BigIP

What is the expected behavior if the user does not provide any authentication header (default mode of the first request from a browser)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Check Authorization / WWW-Authenticate headers

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

JWT authorization with NGINX Ingress Controller

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

ASM irule to disable attack signature authorization header with specific value

iRule - Authorization Bearer / Basic

(HTTP) Redirection via Arbitrary Host Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS