For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bhargav_9588's avatar
Bhargav_9588
Icon for Nimbostratus rankNimbostratus
Feb 15, 2010

getfield Parsing error

Hello,     I am trying to add an iRule to insert an http header value by stripping out domain from REMOTE_USER header. The following is the iRule I am trying to use:     when HTT...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 16, 2010
NTLM is a bit more complicated than basic auth. The encoded username and domain is only included on type 3 messages. If the client uses the same connection for multiple HTTP requests, I think the type 3 message will only be sent on the first request/challenge/response exchange. So if you need to insert something from the username or domain in a custom HTTP header for every request, you might need to save the parsed username and manually insert it even if the authorization header isn't present for the current request.

 

 

Check this post for some references and options for parsing the Authorization header. If you read through the post and first link and still have questions, reply here.

 

 

Filter users authenticatiing via NTLM (MOSS) by domain name

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3455834634

 

 

NTLM Authentication Scheme for HTTP

 

http://www.innovation.ch/personal/ronald/ntlm.html

 

 

The NTLM Authentication Protocol and Security Support Provider

 

http://davenport.sourceforge.net/ntlm.html

 

 

Aaron