Forum Discussion

umiotoko_95283's avatar
umiotoko_95283
Icon for Nimbostratus rankNimbostratus
Jun 21, 2012

HTTP header inserts null value for first few requests

I'm trying to forward a HTTP header to my application with the username embedded, this allows the application to decide (on it's own, from AD) what to let the user do (or not do).

 

 

 

I have APM with LDAP working, and the session variable is mapped.

 

 

 

PROBLEM: the first several requests (looks like always 3) don't have the username populated. It comes through as "null", then on the 4th request it comes through correctly.

 

 

 

I think this is a timing issue, if I don't initialize the variable, then I can't call it. But if I set it to null, it takes several requests to put the username in, even though APM has successfully authenticated before the first request.

 

I tried moving the set username [A::S data get ldap-nese] under both ACCESS_ACL_COMPLETED and ACCESS_ACL_ALLOWED, no difference.

 

Any suggestions from the experts would be appreciated.

 

 

 

Snip of the iRule in use:

 

--------------------------------------------------------

 

when CLIENT_ACCEPTED {

 

 

if I don't set null values here, we get TCL errors for non-existent variables

 

set username "null"

 

set company "null"

 

 

}

 

 

 

when HTTP_REQUEST {

 

Wipe the session header if the client sends it (security)

 

if { [HTTP::header exists "X-Auth-Client"] } { HTTP::header remove "X-Auth-Client" }

 

HTTP::header insert "X-Auth-Client" $username

 

 

 

}

 

 

when ACCESS_ACL_ALLOWED {

 

 

Get the username from APM/LDAP to insert into logs...

 

set username [ACCESS::session data get "session.logon.last.username"]

 

 

}

 

when ACCESS_ACL_COMPLETED {

 

 

Get the username from APM/LDAP to insert into logs...

 

set username [ACCESS::session data get "session.logon.last.username"]

 

 

}

 

  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    What is happening is the HTTP_REQUEST fires before the ACCESS_ACL_* events fire. This is why you are seeing the blank HTTP header. You can move the HTTP_REQUEST to HTTP_REQUEST_SEND. This should only fire after the APM has run.

     

  • Yes, thanks. I tried HTTP::header (insert/replace) but this produced a TCL error. I finally ran across a reference to clientside and that fixed it.

     

     

    when HTTP_REQUEST_SEND {

     

    clientside { HTTP::header insert "X-Auth-Client" $username }

     

    }