Forum Discussion
karthik_sriniva
Nimbostratus
NimbostratusiRule help
Hi guys,
I need help with the iRule that i had written. I wrote the iRule for form based radius login. The rule works fine. I can login, the iRule times out at the specified time ot interval. Except for one issue. The images in the login form loads immediately, before a failure login. If I enter a wrong username or password one of the image [random] takes nearly 3 minutes to load. All the image files are less than 16 KB in size. I checked the log file for errors but none. Please let me know what is wrong with the code. We are using BigIp v9.1
For testing purpose timeout value is set to 15 seconds. The login page and the images in the login page are not protected.
when CLIENT_ACCEPTED {
set runRadiusAuthentication 1
set setCookieDuringResp 0
set setModAuthHdr 1
set debugon 0
set cookieName "GTWLogin"
set usernameCookie "GTWUSER"
set username ""
set userpwd ""
set isLoginPage ""
set cookieEncPwd "1xxx5678"
set cookieTimeout 15
set protectedUri "/ll/"
set unprotectedUri "calograd.htm"
set unprotectedUri "/llsupport/"
set loginImgUri "/gtwlogin/"
set unprotectedPage "/gtwlogin/calograd.htm"
set asid [AUTH::start pam default_radius]
set runCustomLogin 1
set isImageUrl 0
}
when HTTP_REQUEST {
set cookieDomain [HTTP::host]
set cookieExists [HTTP::cookie exists $cookieName]
set requestedUri [HTTP::uri]
if {$requestedUri contains ".png" ||
$requestedUri contains ".gif" ||
$requestedUri contains ".jpg" ||
$requestedUri contains ".jpeg" ||
$requestedUri contains ".css" } {
set isImageUrl 1
}
if { [HTTP::cookie exists $usernameCookie] } {
set username [HTTP::cookie value $usernameCookie]
}
if { [HTTP::uri] contains $protectedUri } {
set runCustomLogin 1
}
if { $requestedUri contains $unprotectedUri ||
$requestedUri contains $loginImgUri ||
$requestedUri contains ".png" ||
$requestedUri contains ".gif" ||
$requestedUri contains ".jpg" ||
$requestedUri contains ".jpeg" ||
$requestedUri contains ".css" } {
set runCustomLogin 0
set setModAuthHdr 0
}
if { [HTTP::path] contains $unprotectedPage } {
set setModAuthHdr 0
set runCustomLogin 0
}
log " uri path [HTTP::path] :: $runCustomLogin :: "
if { $runCustomLogin eq 1 } {
log "uri in request [HTTP::uri] $$ [HTTP::header names] $$ [HTTP::cookie exists $cookieName]"
set reqdata [HTTP::payload]
set retrieveValue 0
if { $reqdata contains "www.cookgtw.com" }
{
set retrieveValue 1
}
log "payload check $retrieveValue"
if { $retrieveValue eq 1 } {
set tmpUsername [findstr $reqdata "username" 9]
set username [getfield $tmpUsername "&" 1]
set tmppwd [findstr $reqdata "password" 9]
set userpwd [getfield $tmppwd "&" 1]
set isLoginRequested [findstr $reqdata "bigipLogin" 11]
set isLoginPage [getfield $isLoginRequested "&" 1]
}
Check Cookie exists. If exists do not run Radius Authentication
if { $cookieExists }
{
if { $requestedUri contains ".png" ||
$requestedUri contains ".gif" ||
$requestedUri contains ".jpg" ||
$requestedUri contains ".jpeg" ||
$requestedUri contains ".css" } {
set runRadiusAuthentication 0
set setCookieDuringResp 0
} else {
HTTP::cookie decrypt $cookieName $cookieEncPwd 128
set ckvalue [HTTP::cookie value $cookieName]
set currenttime [clock seconds]
set delta [expr $currenttime - $ckvalue]
if { $delta > 15 } {
if { $isLoginPage eq "www.cookgtw.com" } {
set runRadiusAuthentication 1
set setCookieDuringResp 0
set setModAuthHdr 1
} else {
set runRadiusAuthentication 0
set setCookieDuringResp 0
set setModAuthHdr 0
HTTP::respond 301 Location "http://$cookieDomain/gtwlogin/calograd.htm" "Cache-Control" "1no-cache"
}
} else {
set runRadiusAuthentication 0
set setModAuthHdr 1
if { $isImageUrl ne 1 } {
set setCookieDuringResp 1
}
}
}
}
Run radius authentication if runRadiusAuthentication is set to one ||| no Cookie
if { $runRadiusAuthentication eq 1 }
{
if { $username ne "" && $userpwd ne "" } {
log "About to call authenticate"
if { $debugon eq 1 } {
log "Abt to call auth"
}
log "About to call authenticate $username : pwd"
set setModAuthHdr 1
AUTH::username_credential $asid $username
AUTH::password_credential $asid $userpwd
AUTH::authenticate $asid
HTTP::collect
} else {
set setModAuthHdr 0
HTTP::respond 301 Location "http://$cookieDomain/gtwlogin/calograd.htm" "Cache-Control" "1no-cache"
}
}
}
set uuname [HTTP::username]
if { $setModAuthHdr eq 1} {
log "inside mod auth $username"
set ename [b64encode "$username:\$apr1\$Vk1.....\$fVfqXg8t8iFv.guKLPJdi0"]
HTTP::header remove Authorization
HTTP::header insert XAuthorization $ename
HTTP::header insert Authorization "Basic $ename"
}
}
when HTTP_RESPONSE {
if { $setCookieDuringResp eq 1 } {
log "setting cookie $requestedUri :: $isImageUrl"
set cookieval [clock seconds]
HTTP::cookie insert name $cookieName value $cookieval path / domain $cookieDomain version 1
HTTP::cookie encrypt $cookieName $cookieEncPwd 128
HTTP::cookie maxage $cookieName $cookieTimeout
HTTP::cookie insert name $usernameCookie value $username path / domain $cookieDomain version 1
HTTP::cookie maxage $usernameCookie $cookieTimeout
}
}
when AUTH_SUCCESS {
if { $debugon eq 1 } {
log "AUTH CALLED"
}
if { $asid eq [AUTH::last_event_session_id] }
{
set setCookieDuringResp 1
HTTP::release
}
}
when AUTH_FAILURE {
if { $asid eq [AUTH::last_event_session_id] }
{
HTTP::respond 301 Location "http://$cookieDomain/gtwlogin/calograd.htm" "Cache-Control" "1no-cache"
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"GTW\""
}
}
when AUTH_WANTCREDENTIAL {
if { $debugon eq 1 } {
log "WANT CRED"
}
if { $asid eq [AUTH::last_event_session_id] }
{
HTTP::respond 301 Location "http://$cookieDomain/gtwlogin/calograd.htm" "Cache-Control" "1no-cache"
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"GTW\""
}
}
when AUTH_ERROR {
if { $asid eq [AUTH::last_event_session_id] }
{
HTTP::respond 301 Location "http://$cookieDomain/gtwlogin/calograd.htm" "Cache-Control" "1no-cache"
HTTP::respond 401
}
}
*Edited for readability, no code changes made* - Colin
No RepliesBe the first to reply