For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mike_drennen_16's avatar
mike_drennen_16
Icon for Cirrus rankCirrus
Jul 24, 2015

Insert HTTP headers when accessing a Webtop link

I am having an issue and am hoping for some guidance or a link to point me in the correct direction. Within my Access Policy, I am needing to add HTTP headers when selecting one webtop link. Can I add it with an HTTP_REQUEST irule? That seems to be the most simple and direct way, something like:

when HTTP_REQUEST {
  if { [HTTP::uri] contains "VendorPortal_test"} {
     HTTP::header insert customer "[ACCESS::session data get session.ad.last.attr.extensionAttribute1]"
     HTTP::header insert document "[ACCESS::session data get session.ad.last.attr.extensionAttribute2]"
     }         
}

Any guidance would be appreciated.

Thanks,

Mike

application delivery
BIG-IP Access Policy Manager (APM)
design
devops
iRules
security

5 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Jul 24, 2015

    If your webtop link is going to a page sitting behind your F5, then you could use your iRule to add headers to the request.

     

    If the link goes to an external site, then I don't think you'll be able to insert any headers, as there's not way for the F5 to intercept the traffic. Even with a 30x redirect too, it wouldn't force the browser to send the desired headers on the request. You would need to link to a url on the F5 that could proxy the request to the real server so you can inject those headers.

     

  • mike_drennen_16's avatar
    mike_drennen_16
    Icon for Cirrus rankCirrus
    Jul 27, 2015

    Michael,

     

    Thanks for the reply. I currently have the link running through a virtual server so that traffic is going through the F5. When I look at the traffic passing, I'm not seeing the headers inserted with the iRule above. I am able to successfully get to the link by going to

     

  • mike_drennen_16's avatar
    mike_drennen_16
    Icon for Cirrus rankCirrus
    Jul 27, 2015

    Michael,

     

    Thanks for the reply. I currently have the link running through a virtual server so that traffic is going through the F5. When I look at the traffic passing, I'm not seeing the headers inserted with the iRule above. I am able to successfully get to the link by going to

     

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Jul 27, 2015

    So the user's request goes to your VIP, and gets proxied to backend site? If you add some logging to your irule, do you see anything in the ltm log? Something like:

    when HTTP_REQUEST {
    log local0. "URI: '[HTTP::uri]'"
    if { [HTTP::uri] contains "VendorPortal_test"} {
        log local0. "  VenderPortal_Test - Adding headers"

        log local0. "    Adding 'customer': '[ACCESS::session data get session.ad.last.attr.extensionAttribute1]'"
        HTTP::header insert customer "[ACCESS::session data get session.ad.last.attr.extensionAttribute1]"

        log local0. "    Adding 'document': '[ACCESS::session data get session.ad.last.attr.extensionAttribute2]'"
        HTTP::header insert document "[ACCESS::session data get session.ad.last.attr.extensionAttribute2]"
    }         
}

    This could help determine if anything actually happening or not.

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jul 28, 2015

    look the following link:

    https://devcentral.f5.com/wiki/iRules.ACCESS_ACL_ALLOWED.ashx

    ACCESS_ACL_ALLOWED is raised even if no ACL is defined.

    when HTTP_REQUEST {
    set uri [HTTP::uri]
}

when ACCESS_ACL_ALLOWED {
    if { $uri contains "VendorPortal_test"} {
        HTTP::header insert customer "[ACCESS::session data get session.ad.last.attr.extensionAttribute1]"
        HTTP::header insert document "[ACCESS::session data get session.ad.last.attr.extensionAttribute2]"
    }  
}