Forum Discussion
yeser
Nov 05, 2008Nimbostratus
http_process_state_prepend
Hi,
I developed this iRule to authenticate via LDAP and show a customized page if authentication failure or error:
when CLIENT_ACCEPTED {
set asid [AUTH::start pam apache_ldap_authform]
}
when HTTP_REQUEST {
if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "GET" } {
set login_form [b64decode [lindex $::login 0]]
HTTP::respond 200 content $login_form "Content-Type" "text/html"
}
elseif { [HTTP::uri] ends_with "Login.aspx" && [HTTP::method] equals "POST" } {
log "request"
HTTP::collect [HTTP::header Content-Length]
}
}
when HTTP_REQUEST_DATA {
if { ([HTTP::uri] ends_with "/Login.aspx" || [HTTP::uri] ends_with "/login.aspx") && [HTTP::method] equals "POST"} {
log "request_data"
set namevals [split [HTTP::payload] "&"]
for {set i 0} {$i < [llength $namevals]} {incr i} {
set params [split [lindex $namevals $i] "="]
if { [lindex $params 0] equals "txtUserName" } {
set auth_username [lindex $params 1]
}
if { [lindex $params 0] equals "txtPassword" } {
set auth_password [lindex $params 1]
}
}
log "$i, $params, $namevals"
AUTH::username_credential $asid $auth_username
AUTH::password_credential $asid $auth_password
AUTH::authenticate $asid
log "$auth_username, $auth_password"
}
}
when AUTH_RESULT {
set tmm_auth_status [AUTH::status]
if { $tmm_auth_status == 0} {
log "autenticado."
}
elseif {$tmm_auth_status == 1} {
serverside {
log "failure"
set auth_failure_form [b64decode [lindex $::auth_failure 0]]
HTTP::respond 200 content $auth_failure_form "Content-Type" "text/html"
}
}
else {
serverside {
set auth_error_form [b64decode [lindex $::auth_error 0]]
HTTP::respond 200 content $auth_error_form "Content-Type" "text/html"
}
}
}
auth_failure,auth_error and login are files in base64 in /var/class
The problem is that analizying http traffic, F5 sends a reset and the message logged at /var/log/ltm is:
http_process_state_prepend - Invalid action EV_INGRESS_DATA during ST_HTTP_PREPEND_HEADERS.
Any idea??
- yeserNimbostratusI'd like to add that the error message is in this part of the iRule:
- yeserNimbostratusadd an "HTTP::collect" to the end of the REQUEST_DATA event right before the AUTH:: commands, and a corresponding "HTTP::release" in the AUTH_RESULT event for the success clause
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects