Forum Discussion
NimbostratusIrule not working
Below is my irule is not working if the URI::query doesn't have the required parameters. Basically i want send respond 200 for successful connection and 401 for incorrect parameter or non parameter Please suggest
when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query]
if {[info exists $abc]} { HTTP::respond 200 content $abc }
}
when ACCESS_POLICY_COMPLETED { if {[ACCESS::policy result] equals "allow"} {set abc [class match -value "$xyz" equals USERS_DG] ACCESS::respond 200 content "$abc" log local0. "$abc"} if{not([class match -value ["$xyz"] equals USERS_dg ] ) } {ACCESS::respond 401 content "TEST"}
}
4 Replies
rob_carrCirrocumulus
Slightly easier to read formatting:
when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query] if {[info exists $abc]} { HTTP::respond 200 content $abc } } when ACCESS_POLICY_COMPLETED { if {[ACCESS::policy result] equals "allow"} { set abc [class match -value "$xyz" equals USERS_DG] ACCESS::respond 200 content "$abc" log local0. "$abc" } if {not([class match -value ["$xyz"] equals USERS_dg ] ) } { ACCESS::respond 401 content "TEST" } }
JGCumulonimbus
Just a quick rewrite:
when HTTP_REQUEST { set xyz "" HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query] } when ACCESS_POLICY_COMPLETED { if { $xyz ne "" } { log local0. "ACCESS_POLICY_COMPLETED: Found query string $xyz." if {[ACCESS::policy result] equals "allow"} { set abc "" set abc [class match -value -- "$xyz" equals USERS_DG] if { $abc ne "" } { log local0. "ACCESS_POLICY_COMPLETED: $abc : access allowed" ACCESS::respond 200 content $abc event disable all return } else { log local0. "ACCESS_POLICY_COMPLETED: param not matching acl: access not allowed" ACCESS::respond 404 "resource not found." event disable all return } } } else { log local0. "ACCESS_POLICY_COMPLETED: query string not found." ACCESS::respond 404 "resource not found." event disable all return } }
F5-Geekwhen HTTP_REQUEST { set xyz "" HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query] }
when ACCESS_ACL_ALLOWED { set abc "" set abc [class match -value -- "$xyz" equals USERS_DG] if { $abc ne "" } { log local0. "ACCESS_POLICY_COMPLETED: $abc : access allowed" HTTP::respond 200 content $abc event disable all return } else { log local0. "ACCESS_POLICY_COMPLETED: param not matching acl: access not allowed" HTTP::respond 404 "resource not found." event disable all return }
if { $abc eq "" } { log local0. "ACCESS_POLICY_COMPLETED: query string not found." HTTP::respond 401 content "Error: Failure in Authentication" Connection Close event disable all return} }
Stanislas_Piro2When working with clientless mode, there is no more interractivity with requestor.
You have to define in the irule how do you get credentials for policy evaluation.
There are some irule on devcentral on how to manage clientless mode like basic authentication, xml parameter or certificate.
How do you want the client authenticate in APM?
