Forum Discussion

umiotoko_95283's avatar
Icon for Nimbostratus rankNimbostratus
Jun 21, 2012

HTTP header inserts null value for first few requests

I'm trying to forward a HTTP header to my application with the username embedded, this allows the application to decide (on it's own, from AD) what to let the user do (or not do).




I have APM with LDAP working, and the session variable is mapped.




PROBLEM: the first several requests (looks like always 3) don't have the username populated. It comes through as "null", then on the 4th request it comes through correctly.




I think this is a timing issue, if I don't initialize the variable, then I can't call it. But if I set it to null, it takes several requests to put the username in, even though APM has successfully authenticated before the first request.


I tried moving the set username [A::S data get ldap-nese] under both ACCESS_ACL_COMPLETED and ACCESS_ACL_ALLOWED, no difference.


Any suggestions from the experts would be appreciated.




Snip of the iRule in use:







if I don't set null values here, we get TCL errors for non-existent variables


set username "null"


set company "null"









Wipe the session header if the client sends it (security)


if { [HTTP::header exists "X-Auth-Client"] } { HTTP::header remove "X-Auth-Client" }


HTTP::header insert "X-Auth-Client" $username










Get the username from APM/LDAP to insert into logs...


set username [ACCESS::session data get "session.logon.last.username"]








Get the username from APM/LDAP to insert into logs...


set username [ACCESS::session data get "session.logon.last.username"]





2 Replies

  • Richard__Harlan's avatar
    Historic F5 Account
    What is happening is the HTTP_REQUEST fires before the ACCESS_ACL_* events fire. This is why you are seeing the blank HTTP header. You can move the HTTP_REQUEST to HTTP_REQUEST_SEND. This should only fire after the APM has run.


  • Yes, thanks. I tried HTTP::header (insert/replace) but this produced a TCL error. I finally ran across a reference to clientside and that fixed it.





    clientside { HTTP::header insert "X-Auth-Client" $username }