Forum Discussion

Cirrus

Dec 10, 2015

Check Authorization / WWW-Authenticate headers

Hi. I am trying to make sure that the user what is trying to/has authenticated to a site w/ Basic Auth matches a user in a list. However, I cannot force the server to prompt if the user/pass is not a...

application delivery

BIG-IP Access Policy Manager (APM)

iRules

Stanislas_Piro2

Cumulonimbus

Dec 12, 2015

Erich,

in your irule, replace the code:

set basicuserid [string tolower [getfield [b64decode [lindex [HTTP::header Authorization] 1]] ":" 1]]

with:

if {[catch {set basicuserid [HTTP::username] }]} { set basicuserid ""}

It does the same thing but with the F5 header.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Check Authorization / WWW-Authenticate headers

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

JWT authorization with NGINX Ingress Controller

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

ASM irule to disable attack signature authorization header with specific value

iRule - Authorization Bearer / Basic

(HTTP) Redirection via Arbitrary Host Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS