Forum Discussion
Nimbostratusirule for redirect and header injection
we have an application going through APM with AD authentication. A irule is applied to redirect it directly to backend server and is functioning. I need to insert "X-Authenticated-User" "true" to the header. very little experience with tcl. does the below look accurate? thanks
when HTTP_REQUEST {
if { (([HTTP::uri] equals "/app123") or ([HTTP::host] equals "app234.mydomain")) } {
HTTP::redirect "https://server234.mydomain/app123"
return
}
HTTP::header insert "X-Authenticated-User" "true"
}
3 Replies
VGF5Cumulonimbus
Your iRule logic is correct for "inject header only if not redirecting." If you want the header to be present on requests that are redirected, that's not possible, redirects are handled by the client, not the backend. If you want the header on proxied requests, your iRule is correct.
Here is the irule
when HTTP_REQUEST {
if { ([HTTP::uri] equals "/app123") or ([HTTP::host] equals "app234.mydomain") } {
HTTP::redirect "https://your-backend-url.example.com"
return
}
HTTP::header replace "X-Authenticated-User" "true"
}- Injeyan_Kostas
Nacreous
You cannot force client to use an HTTP Header in redirect.
But it seems like you try to achieve a type of sso, like if you are authenticated to APM you are free to access backend app.
In this case why don't you just protect backend app with the same APM policy and inject the header when forwarding traffic to the backend server?
- Aswin_mk
MVP
Hi,
Can you try this, if possible, i am not checked the syntax, just created as per requirement.when HTTP_REQUEST {
if { [ACCESS::policy result] eq "allow" } {
set username [ACCESS::session data get "session.logon.last.username"]
if { $username ne "" } {
HTTP::header insert "X-Authenticated-User" $username
}
}
}
