Forum Discussion

abdel-ibnou's avatar
abdel-ibnou
Icon for Altostratus rankAltostratus
Jan 25, 2023

Persist connection based on NTLM username

Hello; Have anyone an idea if the persistence based on NTLM username is possible or not without envolving APM module? by analysing pcap traffic, i've found that the username is interchanged between...
application delivery
  • Kai_Wilke's avatar
    Kai_Wilke
    Jan 29, 2023

    Wait a second... did you said the user is using scripts to authenticate with different users? The tell the dude to add a custom http header in his scripts containing the username. Problem solved... 😉

    Cheers, Kai

abdel-ibnou's avatar
abdel-ibnou
Icon for Altostratus rankAltostratus
Jan 25, 2023

thak you for your response,

 

first think that come to my bring is universal persistence but as i described there is many challenges: 

-username (persistence criteria which is encrypted ) is communicated starting from the 5th packet (so the session is already load balanced and persisted by the fallback persistence by src IP address and all the scripts will pointed to the same Pool Membder.

-username is present just on the 5th and 6th packet of NTLM authentication and after that this criteria will desapear on traffic

-username is endoded and encrypted and this is challenging for irules 

 

Regards