For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

brad_11480's avatar
brad_11480
Icon for Nimbostratus rankNimbostratus
Nov 20, 2015
when RULE_INIT { 
must recognize attempts to login to application (e.g., CareLink) 
    set static::login_action "/EpicCareLink/common/epic_check.asp" 
    set static::uid_field "Account_ID" 
}

when HTTP_REQUEST { 
   set savecreds false 
   if {([HTTP::uri] eq $static::login_action) && ([HTTP::method] eq "POST")} { 
client is attempting application login, so we will save the username 
     set savecreds true 
     set uid "" 
     set clen [HTTP::header Content-Length] 
     set clen [expr {(($clen eq "") || ($clen > 10240)) ? 10240 : $clen}] 
     if {$clen > 0} { HTTP::collect $clen } 
     return 
   }
}

when HTTP_REQUEST_DATA { 
   foreach field [split [HTTP::payload] "&"] { 
     foreach {n v} [split $field "="] { 
       if {$n eq $static::uid_field} { 
         set uid [URI::decode $v] 
       } 
     } 
     if {$uid ne ""} { break } 
   } 
   HTTP::release
}

when ACCESS_ACL_ALLOWED { 
   if { $savecreds } { 
     ACCESS::session data set session.custom.carelinkusername $uid 
   }
}