Forum Discussion
Match Radius.Class attributes
We need to compare variables in the radius class attribute that are returned via an APM radius auth. The class attribute is stored in the APM in hex so I need to convert the hex to string.
I have tried
set e_fields [split [mcget {session.radius.last.attr.class}] "|"];
set strAceServer [expr { [lindex $e_fields 0] }];
set strAceServer [binary format c* $strAceServer];
return $strAceServer;
and
set e_fields [split [mcget {session.radius.last.attr.class}] "|"];
foreach field $e_fields {
if ($field contains "*ace*") {
return "YES";
}
};
returns the hex
set e_fields [split [mcget {session.radius.last.attr.class}] "|"];
return [expr { [lindex $e_fields 0] }]
Any help would be appreciated to sort out the code.
12 Replies
- Jonathan_Archer
Nimbostratus
apm 11.2.0 hf3
- Kevin_Stewart
Employee
Try this:
set e_fields [split [mcget {session.radius.last.attr.class}] "|"];
foreach field $e_fields {
    # drop the leading "0x", then convert the hex digits to a string
    set hex [binary format H* [string range [string trim $field] 2 end]];
    if { [string match -nocase "*ace*" $hex] } { return $hex }
};
# no field matched
return "NO";
Three things:
1. The "contains" keyword is iRules-specific and doesn't work in VPE rules.
2. You needed H* for the binary format.
3. The hex value is stored with leading "0x" characters, but the binary format won't work with this, so [string range [string trim $field] 2 end] gets rid of them.
- Reddy1
Altostratus
Hi Kevin,
Is the above the iRule or the reg exp on the VPE?
Thanks,
Reddy
- Kevin_Stewart
Employee
This is the code inside the VPE agent.
- Reddy1
Altostratus
Thanks Kevin. Do I need to add the Message Box within the VPE after the login and add this code?
- Kevin_Stewart
Employee
Message Box is a response to the client, so not expressly required.
- Reddy1
Altostratus
Thanks Kevin. Can I use the Logging as a placeholder for this code?
If not, would you mind helping with where I can add this code in the VPE?
- Kevin_Stewart
Employee
This code goes in a variable assignment agent. Create a session variable (ex. session.radius.last.attr.class.evaluated), then put the VPE code in the right side block. The code will populate the session variable with either the evaluated hex value, or the string "NO". You could insert a logging agent after this to send the variable to /var/log/apm (use %{variable} syntax in the logging agent), or you could send it back to the client in a message box agent. The logging agent is probably more practical.
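Added example, not part of the original thread and not F5's code: a standalone Tcl version of the decode-and-match step that checks every "|"-separated field and skips empty, odd-length or non-hex values instead of raising an error. The proc names and the sample value are constructed for illustration; in a variable assignment agent the raw string would come from `[mcget {session.radius.last.attr.class}]` as in the posts above.

```tcl
# Hypothetical helpers (names are not from the thread or from APM).
# Assumed input format, as described in the thread: fields separated by "|",
# each field a hex string with a leading "0x".

proc decode_class_fields {raw} {
    set out {}
    foreach field [split $raw "|"] {
        set field [string trim $field]
        # Strip the 0x / 0X prefix if present
        if {[string match -nocase "0x*" $field]} {
            set field [string range $field 2 end]
        }
        # binary format H* raises an error on non-hex input and pads
        # odd-length input, so reject both before decoding
        if {$field eq "" || [string length $field] % 2 != 0 ||
            ![regexp {^[0-9A-Fa-f]+$} $field]} {
            continue
        }
        lappend out [binary format H* $field]
    }
    return $out
}

proc first_match {raw pattern} {
    # Return the first decoded field matching the glob pattern, else "NO"
    foreach value [decode_class_fields $raw] {
        if {[string match -nocase $pattern $value]} {
            return $value
        }
    }
    return "NO"
}

# Constructed sample: "Group=Users", "AceServer=ace01.example", and a bad field
set sample "0x47726f75703d5573657273|0x4163655365727665723d61636530312e6578616d706c65|0xZZ"
puts [first_match $sample "*ace*"]
puts [first_match "" "*ace*"]
```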
- Reddy1
Altostratus
Thanks much Kevin! Let me try and keep you posted.
- Reddy1
Altostratus
Hi Kevin,
I did implement as per your suggestion. When I checked the logs, I see the value being blank. I have attached the config.