Forum Discussion

yeser's avatar
yeser
Icon for Nimbostratus rankNimbostratus
Nov 05, 2008

http_process_state_prepend

Hi,

 

 

I developed this iRule to authenticate via LDAP and show a customized page if authentication failure or error:

 

 

when CLIENT_ACCEPTED {

 

set asid [AUTH::start pam apache_ldap_authform]

 

}

 

when HTTP_REQUEST {

 

 

if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "GET" } {

 

set login_form [b64decode [lindex $::login 0]]

 

HTTP::respond 200 content $login_form "Content-Type" "text/html"

 

}

 

elseif { [HTTP::uri] ends_with "Login.aspx" && [HTTP::method] equals "POST" } {

 

log "request"

 

HTTP::collect [HTTP::header Content-Length]

 

}

 

}

 

 

when HTTP_REQUEST_DATA {

 

if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "POST"} {

 

log "request_data"

 

set namevals [split [HTTP::payload] "&"]

 

for {set i 0} {$i < [llength $namevals]} {incr i} {

 

set params [split [lindex $namevals $i] "="]

 

if { [lindex $params 0] equals "txtUserName" } {

 

set auth_username [lindex $params 1]

 

}

 

if { [lindex $params 0] equals "txtPassword" } {

 

set auth_password [lindex $params 1]

 

}

 

}

 

log "$i, $params, $namevals"

 

AUTH::username_credential $asid $auth_username

 

AUTH::password_credential $asid $auth_password

 

AUTH::authenticate $asid

 

log "$auth_username, $auth_password"

 

}

 

}

 

 

when AUTH_RESULT {

 

set tmm_auth_status [AUTH::status]

 

if { $tmm_auth_status == 0} {

 

log "autenticado."

 

}

 

elseif {$tmm_auth_status == 1} {

 

serverside {

 

log "failure"

 

set auth_failure_form [b64decode [lindex $::auth_failure 0]]

 

HTTP::respond 200 content $auth_failure_form "Content-Type" "text/html"

 

}

 

}

 

else {

 

serverside {

 

set auth_error_form [b64decode [lindex $::auth_error 0]]

 

HTTP::respond 200 content $auth_error_form "Content-Type" "text/html"

 

}

 

}

 

}

 

 

auth_failure,auth_error and login are files in base64 in /var/class

 

 

The problem is that analizying http traffic, F5 sends a reset and the message logged at /var/log/ltm is:

 

 

http_process_state_prepend - Invalid action EV_INGRESS_DATA during ST_HTTP_PREPEND_HEADERS.

 

 

Any idea??

 

 

  • yeser's avatar
    yeser
    Icon for Nimbostratus rankNimbostratus
    I'd like to add that the error message is in this part of the iRule:

     

     

    elseif {$tmm_auth_status == 1} {

     

    serverside {

     

    log "failure"

     

    set auth_failure_form [b64decode [lindex $::auth_failure 0]]

     

    HTTP::respond 200 content $auth_failure_form "Content-Type" "text/html"
  • yeser's avatar
    yeser
    Icon for Nimbostratus rankNimbostratus
    add an "HTTP::collect" to the end of the REQUEST_DATA event right before the AUTH:: commands, and a corresponding "HTTP::release" in the AUTH_RESULT event for the success clause

     

     

    It works! That was the problem.

     

     

    Thank u very much!