For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

yeser's avatar
yeser
Icon for Nimbostratus rankNimbostratus
Nov 05, 2008

http_process_state_prepend

Hi,

 

 

I developed this iRule to authenticate via LDAP and show a customized page if authentication failure or error:

 

 

when CLIENT_ACCEPTED {

 

set asid [AUTH::start pam apache_ldap_authform]

 

}

 

when HTTP_REQUEST {

 

 

if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "GET" } {

 

set login_form [b64decode [lindex $::login 0]]

 

HTTP::respond 200 content $login_form "Content-Type" "text/html"

 

}

 

elseif { [HTTP::uri] ends_with "Login.aspx" && [HTTP::method] equals "POST" } {

 

log "request"

 

HTTP::collect [HTTP::header Content-Length]

 

}

 

}

 

 

when HTTP_REQUEST_DATA {

 

if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "POST"} {

 

log "request_data"

 

set namevals [split [HTTP::payload] "&"]

 

for {set i 0} {$i < [llength $namevals]} {incr i} {

 

set params [split [lindex $namevals $i] "="]

 

if { [lindex $params 0] equals "txtUserName" } {

 

set auth_username [lindex $params 1]

 

}

 

if { [lindex $params 0] equals "txtPassword" } {

 

set auth_password [lindex $params 1]

 

}

 

}

 

log "$i, $params, $namevals"

 

AUTH::username_credential $asid $auth_username

 

AUTH::password_credential $asid $auth_password

 

AUTH::authenticate $asid

 

log "$auth_username, $auth_password"

 

}

 

}

 

 

when AUTH_RESULT {

 

set tmm_auth_status [AUTH::status]

 

if { $tmm_auth_status == 0} {

 

log "autenticado."

 

}

 

elseif {$tmm_auth_status == 1} {

 

serverside {

 

log "failure"

 

set auth_failure_form [b64decode [lindex $::auth_failure 0]]

 

HTTP::respond 200 content $auth_failure_form "Content-Type" "text/html"

 

}

 

}

 

else {

 

serverside {

 

set auth_error_form [b64decode [lindex $::auth_error 0]]

 

HTTP::respond 200 content $auth_error_form "Content-Type" "text/html"

 

}

 

}

 

}

 

 

auth_failure,auth_error and login are files in base64 in /var/class

 

 

The problem is that analizying http traffic, F5 sends a reset and the message logged at /var/log/ltm is:

 

 

http_process_state_prepend - Invalid action EV_INGRESS_DATA during ST_HTTP_PREPEND_HEADERS.

 

 

Any idea??

 

 

application delivery
dev
devops
iRules

2 Replies

  • yeser's avatar
    yeser
    Icon for Nimbostratus rankNimbostratus
    Nov 05, 2008
    I'd like to add that the error message is in this part of the iRule:

     

     

    elseif {$tmm_auth_status == 1} {

     

    serverside {

     

    log "failure"

     

    set auth_failure_form [b64decode [lindex $::auth_failure 0]]

     

    HTTP::respond 200 content $auth_failure_form "Content-Type" "text/html"
  • yeser's avatar
    yeser
    Icon for Nimbostratus rankNimbostratus
    Nov 06, 2008
    add an "HTTP::collect" to the end of the REQUEST_DATA event right before the AUTH:: commands, and a corresponding "HTTP::release" in the AUTH_RESULT event for the success clause

     

     

    It works! That was the problem.

     

     

    Thank u very much!