Is it possible to authenticate HTTP traffic in an iRule against the 'tmsh list auth user' user database?

Question

Is it possible to authenticate HTTP traffic in an iRule against the 'tmsh list auth user' user database?&nbsp;
I have a requirement to authenticate users but the client does not want a separate data-group of users to manage and off-box authentication is not an option.  They have existing mechanisms for password control of the standard F5 admin passwords and would like to keep using that for authenticating web traffic.  The users would have a 'No Access' role so they cannot use the F5 GUI or SSH.&nbsp;
Any advice appreciated.  Thanks!&nbsp;
Dave.&nbsp;

boneyard · Answer

im not 100% sure, but i don't believe this is possible. never seen anything, also not APM, which would make some sense to interact with the admin user db.

petewhite · Answer

Yes, it can be done with APM - https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/13.html?sr=45894627&nbsp;

Forum Discussion

Is it possible to authenticate HTTP traffic in an iRule against the 'tmsh list auth user' user database?

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Question/Advice on iRule Remediating the Telerik (Unsafe Reflection Vulnerability (CVE-2025-3600)

Resetting to Factory Default

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Issue with IIS and Client Component Service Load balancing

Syslog Filter Configuration for Separating Audit and LTM logs.

Related Content

Edge to Pulse: IP Geolocation Database Migration

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

iControl REST Authentication Token Management

Two-Factor Authentication With Google Authenticator And APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS