Forum Discussion
smilanko_261688
Cirrus
CirrusHeaders not being set at http_request
I am working on a clientless APM process with F5, where the clients requesting a webservice will use http basic authentication to present their credentials. Once the APM retrieves the username/passwo...
I ended up ensuring that the headers are being set before the request is sent, using HTTP_REQUEST_SEND. Here is the working iRule:
when HTTP_REQUEST { insert clientless mode set apmsessionid [HTTP::cookie value MRHSession] if { [HTTP::cookie exists "MRHSession"] } { set apmstatus [ACCESS::session exists -state_allow $apmsessionid]} else {set apmstatus 0} if {!($apmstatus)} { Insert Clientless-mode header to start APM in clientless mode if { [catch {HTTP::header insert "clientless-mode" 1} ] } {log local0. "[IP::client_addr]:[TCP::client_port] : TCL error on HTTP header insert clientless-mode : URL : [HTTP::host][HTTP::path] - Headers : [HTTP::request]"} } } when HTTP_REQUEST_SEND { clientside { empty the current headers HTTP::header remove username HTTP::header remove domain HTTP::header remove roles set the headers needed for the application HTTP::header insert username [ACCESS::session data get session.custom.login] HTTP::header insert domain [ACCESS::session data get session.custom.domain] HTTP::header insert roles [ACCESS::session data get session.custom.roles] } } when ACCESS_POLICY_COMPLETED { Authentication request for non bowser user-agent session denied if { ([ACCESS::policy result] equals "deny") } { ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"My Web Services Authentication\"" Connection close ACCESS::session remove return } else { set allRoles "" grab the session data containing the groups associated with the member set s [ACCESS::session data get "session.ad.last.attr.memberOf"] set matched [split [string map [list {| CN=} \0] $s] \0] foreach match $matched { if { $match != "" } { puts [string range $match 0 [expr [string first , $match] - 1]] set queryarray [split $match ","] set firstvalue [lindex $queryarray 0] set cleaneddata [string toupper [join $firstvalue _]] if { [string length allRoles] == 0 } { append allRoles "ROLE_$cleaneddata" } else { append allRoles ",ROLE_$cleaneddata" } } } puts $allRoles grab the session data containing the username associated with the member ACCESS::session data set session.custom.login [ACCESS::session data get "session.logon.last.logonname"] grab the session data containing the domaiin associated with the member ACCESS::session data set session.custom.domain [ACCESS::session data get "session.ad.last.actualdomain"] grab the session data containing the roles associated with the member ACCESS::session data set session.custom.roles $allRoles } }
Yann_Desmarest_
Nacreous
NacreousHi,
I think that you can insert the header for the application in an ACCESS_ACL_ALLOWED event instead of HTTP_REQUEST :
when ACCESS_ACL_ALLOWED {
empty the current headers
HTTP::header remove username
HTTP::header remove domain
HTTP::header remove roles
set the headers needed for the application
HTTP::header insert username [ACCESS::session data get session.custom.login]
HTTP::header insert domain [ACCESS::session data get session.custom.domain]
HTTP::header insert roles [ACCESS::session data get session.custom.roles]
log " sending [HTTP::header username]"
log " sending [HTTP::header domain]"
log " sending [HTTP::header roles]"
}
Wiki page for this event : ACCESS_ACL_ALLOWED
smilanko_261688Cirrus
CirrusThis did not work for me, however, it does not mean it would not work for others. Possibly something to try. I did manager, however, to figure out a solution. Posting now