Forum Discussion

Rise_77519's avatar
Rise_77519
Icon for Nimbostratus rankNimbostratus
May 22, 2012

reject client user based on username

Hi,

I tried to accomplish my purpose with the below irule but it did not work. I would like to deny user when he tried to login my application.Other users can login. I could not understand that what is the wrong in my irule or it is true way to accomplish my porpose?

Thanks.

when CLIENT_ACCEPTED {
  TCP::collect 
}
when CLIENT_DATA {
  if { [TCP::payload ] contains "david" } {
     reject
  } else {
     pool my_web_pool
 }
 TCP::release
}

  • Hi Michael,

     

    I am not sure which value I should use.How can I understand that I am using correct tcp payload value to catch username from tcp payload.

     

    thank you.

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    What protocol is the application using? Is the username included at the beginning of each TCP connection, each TCP packet, etc?

     

     

    Aaron
  • hi Hoolio,

     

    the application is using the http protocol and username included at he begining of the each tcp connection.Actually I would like to learn that how can I arrange the tcp payload length, is there a documentation about that?

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Hi Rise,

     

     

    What authentication scheme is the application using? Is it basic, NTLM, etc? It would probably be simpler to add an HTTP profile to the virtual server and then use HTTP:: commands to parse the username.

     

     

    Aaron
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    You can still reset the connection with reject or if you add an HTTP profile to the VS, you can send an HTTP response with HTTP::respond.

     

     

    If you can confirm the authentication method I can give you a more detailed example on how to parse the username from requests.

     

     

    Aaron
  • Hi Hoolio,

     

    We are using ldap authentication method. Thank you fır your helps.