Forum Discussion

BP_11400's avatar
BP_11400
Icon for Nimbostratus rankNimbostratus
Jun 06, 2011

iRule auth http check

Hello! So we want to setup an iRule to hit an auth PHP script for every request, and based upon the return code either make the original request or drop them to a login page.     Psuedo code:  ...
application delivery
dev
devops
iRules
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Jun 06, 2011
Hi BP,

 

The iRules do not have that type of functionality - not yet at least. There is an indirect technique you can use but it won't be based a triggered event

 

 

Non test example:

 

 

1. Create an HTTP Monitor to monitor the auth PHP Script looking for the return code "200".

 

2. Create a pool called Monitor AUTH_PHPCHECK_POOL which contains the web server(s) that contain the PHP script and associate the HTTP Monitor

 

3. Then you could use the following iRULE on the virtual address that points to the REAL pool.

 

 


when HTTP_REQUEST {
  
    if {[active_members AUTH_PHPCHECK_POOL] = 0 } {

         Log local0. "Redirect accepted because AUTH_PHPCHECK_POOL monitor failed"
      
         HTTP::redirect "http://[HTTP::host]/login.php"

        }

 }

 

 

There are pro's and cons with this. The one con that comes to mind is you can check the auth php in realtime with respect the HTTP Request- since monitors are based on intervals You can lower to 1 second but that usually isn't recommended for monitoring.

 

 

However, if you are looking to redirect any request based on a HTTP STATUS other then 200 then you can do the following

 

 

when HTTP_RESPONSE {
  if { !([HTTP::status] == 200) } {
     HTTP::redirect "http://[HTTP::host]/login.php"
 }
}
This doesn't check the exact PHP script - it simply redirects you based on the website responding back with anything beyond a HTTP STATUS Code of 200.

 

I hope this helps,

 

Bhattman