Forum Discussion
Suri
Altostratus
AltostratusHelp with K54399691 iRule
Hey everybody, Maybe it's just me, but the phrasing in the K54399691 article makes my eyes cross... If I understand it correctly, I need to implement an iRule to capture the HTTP headers in a variab...
SuriAltostratus
AltostratusAlright, after a bit of fussing with syntax issues (and trying a couple alternative methods) our folks are testing with this iRule:
# When a POST is made, capture the original headers in "header" variable
when HTTP_REQUEST {
if {[HTTP::method] eq "POST"}{
set header HTTP::header
}
}
# When APM allows access, set original headers
when ACCESS_ACL_ALLOWED {
set HTTP::header $header
}It sounds like it's working better, but if it requires some tweaking I'll update my post here so others can use this if needed.
- Suri
Okay, so it turns out we were having another issue here. We found if the external application calling our F5 tried once it would fail, but the second try would succeed (with complete headers being passed). It didn't matter what the iRule did there, the behavior was the same. It seems what was happening is the app would hit the page and receive a 302 redirect to /my.policy which stripped the headers. We ended up creating an iRule that used Clientless Mode 3 which will still prompt for 401 authentication as desired, but prevent a 302 redirect to /my.policy. We targeted the specific URI that needs 401 authentication for this app to work, leaving other URIs with the default mode. After this change, the authentication succeeded and passed the backend headers and body as expected.
when HTTP_REQUEST { if {[HTTP::uri] starts_with "/desiredURI"} { HTTP::header insert "clientless-mode" 3 } }__PRESENT