Forum Discussion

Member_9894's avatar
Icon for Nimbostratus rankNimbostratus
May 10, 2010

Login Banner

Hello.I've been tasked to create a login banner that will pop up when an external user hits my LTM and goes to any of my virtual servers. It's supposed to consist of a short message explaining that use of the system constitutes consent to monitoring and should have one button (yes/ok etc.) and the small x in the corner that would allow them to cancel out of the pop up (ideally this should close their connection or send them to an errorpage.) I believe this is possible with an iRule, but I have no experience with TCL. I would greatly appreciate any suggestions and help that anyone has to offer. Thanks in advance.


8 Replies

  • Hi Javern,



    What protocol are you load balancing through LTM? For HTTP, you could use a stream profile to inject Javascript which creates a popup in responses. We've discussed this type of response content injection in a few recent posts:







  • Hello, 


    I'm working with Member 9894 on this project. 


    What we are attempting to accomplish is present our users with a banner that says 'you are accessing our servers; you consent to monitoring, blah blah blah' and have them click on the 'OK' button to access the content. 


    Here's our basic setup... 


    multiple VS accessed via https...using PKI/CAC for client authentication. 

    using Big IP LTM v9.3.0 


    We would like to have Big IP serve the 'banner' page prior to the users being authenticated for any of our VSs. 


    I have attempted to use a 'HTTP::respond 200 content [subst $::html_data]'. I can get the page (basic html with embedded css) to be served but when clicking on the 'OK' button I'm not sure what happens at that point. 


    Any help would be appreciated. 


    I can post iRule scripting if needed; let me know.

  • It should be relatively simple to implement a Javascript injection in responses. I think the trick is to figure out what code you want to inject and under which circumstances. For example, if this was the HTML for your index page:



    My test index page
    This is the rest of the HTML in the body...



    You could use a stream profile and STREAM::expression based iRule to replace < body > with < body > < script >alert('Click ok to access the page')< /script >:



    My test index page
    This is the rest of the HTML in the body...



    If you wanted to serve a page instead of Javascript, you could use logic like has been done in the maintenance page Codeshare examples. On any request (or any request to a login page), check for a cookie which the iRule sets upon clicking okay in a form. If the cookie is not set, redirect the client to /tos.html or some other page which is served from the iRule. On requests to that page, you send back the HTML for a banner page with an Accept button. The form action could be the same URI with a query string parameter set like /tos.html?accept=1. On requests to /tos.html?accept=1, you could redirect to the login page or the originally requested page and set a cookie indicating acceptable of the terms of service.



    Here are links to the maintenance page examples:







  • Thanks Aaron. Very good info. I was heading down those lines, but how do I get the iRule to capture the button click on my html page delivered to the user?

    Here is a snippet of what I have for the html on my tos.html page.

      I Agree  

    This just seems to bring me back to the tos.html page.

    Also, the only way that I can see (with my limited knowledge of the Big IP traffic flow sequence and when the events are called) to do it is to have the iRule set a variable or cookie in the same conditional statement as the HTTP::respond. By doing this, though, the user won't actually have to click the 'I Agree' button to have the cookie or variable be set, instead, all they would have to do is visit the page. I would much rather know that they clicked the 'I Agree' button.

    Here is some of the iRule:

    set consent_monitor "NotAgree"
    log local0. "CLIENT_ACCEPTED"
    when HTTP_REQUEST {
     if { $consent_monitor == "NotAgree" } {
      log local0. "Client has not agreed to monitoring. Sending consent page..."
      set origUrl "[HTTP::host][HTTP::uri]"
      log local0. "original URL = $origUrl"
      HTTP::respond 200 content [subst $::html_data]
      set consent_monitor "Agree"

    Any thoughts?...clear as mudd?

  • sorry about the format of my last post...i seem to be having trouble with the "code" section.
  • Hi Reiss,



    Can you attach the HTML as a text file to your post and remove it from the written part of the post? Or you might be able to put it in a [ code ] [/ code ] block to get the HTML to render inline.





  • Reiss were you ever able to complete your login banner project? We have a similar need and would like to use it if you got it working. Trying not to "re-invent the wheel". Thx!