Forum Discussion
Help with K54399691 iRule
Alright, after a bit of fussing with syntax issues (and trying a couple alternative methods) our folks are testing with this iRule:
# When a POST is made, capture the original headers in "header" variable
when HTTP_REQUEST {
if {[HTTP::method] eq "POST"}{
set header HTTP::header
}
}
# When APM allows access, set original headers
when ACCESS_ACL_ALLOWED {
set HTTP::header $header
}
It sounds like it's working better, but if it requires some tweaking I'll update my post here so others can use this if needed.
Okay, so it turns out we were having another issue here. We found if the external application calling our F5 tried once it would fail, but the second try would succeed (with complete headers being passed). It didn't matter what the iRule did there, the behavior was the same. It seems what was happening is the app would hit the page and receive a 302 redirect to /my.policy which stripped the headers. We ended up creating an iRule that used Clientless Mode 3 which will still prompt for 401 authentication as desired, but prevent a 302 redirect to /my.policy. We targeted the specific URI that needs 401 authentication for this app to work, leaving other URIs with the default mode. After this change, the authentication succeeded and passed the backend headers and body as expected.
when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/desiredURI"} {
HTTP::header insert "clientless-mode" 3
}
}
__PRESENT
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com