Rise_77519
May 22, 2012

reject client user based on username

Hi,

I tried to accomplish my purpose with the iRule below, but it did not work. I would like to deny a user when he tries to log in to my application. Other users can log in. I could not understand what is wrong in my iRule, or whether this is the right way to accomplish my purpose.

Thanks.

when CLIENT_ACCEPTED {
  TCP::collect
}
when CLIENT_DATA {
  if { [TCP::payload] contains "david" } {
    reject
  } else {
    pool my_web_pool
  }
  TCP::release
}

8 Replies

  • Hi Michael,

    I am not sure which value I should use. How can I know that I am using the correct TCP payload value to catch the username from the TCP payload?

    Thank you.


  • What protocol is the application using? Is the username included at the beginning of each TCP connection, each TCP packet, etc.?

    Aaron
  • Hi Hoolio,

    The application is using the HTTP protocol and the username is included at the beginning of each TCP connection. Actually, I would like to learn how I can arrange the TCP payload length. Is there documentation about that?

  • Hi Rise,

    What authentication scheme is the application using? Is it basic, NTLM, etc.? It would probably be simpler to add an HTTP profile to the virtual server and then use HTTP:: commands to parse the username.

    Aaron
  • You can still reset the connection with reject, or if you add an HTTP profile to the VS, you can send an HTTP response with HTTP::respond.

    If you can confirm the authentication method, I can give you a more detailed example on how to parse the username from requests.

    Aaron
  • Hi Hoolio,

    We are using the LDAP authentication method. Thank you for your help.
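
Aaron's suggestion above (add an HTTP profile to the virtual server and use HTTP:: commands), sketched as an added example that is not code from the thread. It assumes clients authenticate with HTTP Basic, which the thread does not confirm; the deny list and the case-insensitive match are illustrative assumptions, while `my_web_pool` and the name `david` come from the original iRule.

```tcl
# Added example, not from the thread. Assumes the virtual server has an HTTP
# profile and that clients authenticate with HTTP Basic.
when RULE_INIT {
    # Hypothetical deny list; usernames stored in lower case.
    set static::denied_users [list "david"]
}

when HTTP_REQUEST {
    # With Basic auth the credentials travel as base64("user:password") in the
    # Authorization header, so a raw substring match on the TCP payload for
    # "david" never sees the name. HTTP::username decodes the header and
    # returns only the user part (empty string when no credentials were sent).
    # Lower-casing is an assumption: it treats "David" and "david" as one user.
    set user [string tolower [HTTP::username]]

    if { $user eq "" } {
        # No credentials yet: let the server issue its own 401 challenge.
        pool my_web_pool
        return
    }

    if { [lsearch -exact $static::denied_users $user] >= 0 } {
        # Record the denial so it can be reviewed later.
        log local0. "Denied user '$user' from [IP::client_addr]"
        HTTP::respond 403 content "Access denied" "Content-Type" "text/plain"
        return
    }

    pool my_web_pool
}
```

If the application uses a form-based login instead, the username is in the POST body, so the rule would need HTTP::collect and parsing of the form field rather than HTTP::username.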