For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Amit_Grover_171's avatar
Amit_Grover_171
Icon for Nimbostratus rankNimbostratus
Oct 12, 2015

Need to write Irule to decode auth string to Base64 and fetch domain name from it and compare that domain name with certificate to deny/permit traffic

Hi,   Need to write Irule to decode auth string to Base64 and fetch domain name from it and compare that domain name with certificate to deny/permit traffic.   Please help ASAP.   /Regards A...
application delivery
deployment
devops
iRules
LTM
TMOS
TMSH
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 13, 2015

Something like this to get the domain value. I need to assume for the following code that the request that's sending this payload data is a POST:

 

when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
         buffer the HTTP payload and trigger the HTTP_REQUEST_DATA event
        HTTP::collect [HTTP::header Content-Length]
    }
}
when HTTP_REQUEST_DATA {
     HTTP payload data is available here
    if { [HTTP::payload] contains "" 21 "<"]
        catch { set domain [b64decode $domain] } 

        log local0. "domain = $domain"
    }
}

Another catch is we have multi SAN certificate so I want to compare this domain name with SAN's and then only permit traffic.

 

So do you mean you're applying this iRule to multiple HTTPS VIPs that have separate SAN certs, and you need to check the domain against each of the SAN names? Would it not be the same as the HTTP::host value?