Forum Discussion
Rise_77519
Nimbostratus
May 22, 2012
reject client user based on username
Hi,
I tried to accomplish my purpose with the iRule below, but it did not work. I would like to deny a user when he tries to log in to my application. Other users can log in. I could not understand what is wrong in my iRule, or whether it is the right way to accomplish my purpose.
Thanks.
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [TCP::payload ] contains "david" } {
        reject
    } else {
        pool my_web_pool
    }
    TCP::release
}

8 Replies
- Michael_Yates
Nimbostratus
Hi Rise,
The default TCP::payload requires that you set a payload length or size according to the Wiki.
You may be happier with an alternate type of solution. See this post to see if it may be a better alternative: TCP payload match and logging.
Hope this helps.
- Rise_77519
Nimbostratus
Hi Michael,
I am not sure which value I should use. How can I know that I am using the correct TCP payload value to catch the username from the TCP payload?
Thank you.
- hoolio
Cirrostratus
What protocol is the application using? Is the username included at the beginning of each TCP connection, each TCP packet, etc?
Aaron
- Rise_77519
Nimbostratus
Hi Hoolio,
The application is using the HTTP protocol and the username is included at the beginning of each TCP connection. Actually, I would like to learn how I can arrange the TCP payload length. Is there documentation about that?
- hoolio
Cirrostratus
Hi Rise,
What authentication scheme is the application using? Is it basic, NTLM, etc? It would probably be simpler to add an HTTP profile to the virtual server and then use HTTP:: commands to parse the username.
Aaron
- Rise_77519
Nimbostratus
OK, how will I reject it then?
- hoolio
Cirrostratus
You can still reset the connection with reject or if you add an HTTP profile to the VS, you can send an HTTP response with HTTP::respond.
If you can confirm the authentication method I can give you a more detailed example on how to parse the username from requests.
Aaron
- Rise_77519
Nimbostratus
Hi Hoolio,
We are using the LDAP authentication method. Thank you for your help.
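
As an added example (not code from any poster in this thread), this iRule shows the HTTP-profile approach suggested above: it compares an exact, lower-cased username instead of searching the raw TCP payload for a substring, and answers with HTTP::respond. Assumptions: an HTTP profile is attached to the virtual server, the blocked name is "david" as in the question, and, for the form case, the login form is posted to /login with a field named username (both hypothetical, since the thread does not say how the application submits credentials).

```tcl
# Added example, not from the thread. Requires an HTTP profile on the virtual server.
when RULE_INIT {
    # Lower-case usernames to deny ("david" is taken from the question)
    set static::blocked_users {david}
}
when HTTP_REQUEST {
    # Case 1: HTTP Basic auth. HTTP::username decodes the Authorization header
    # and returns an empty string when no Basic credentials are present.
    set user [string tolower [HTTP::username]]
    if { $user ne "" && [lsearch -exact $static::blocked_users $user] >= 0 } {
        log local0. "Denied Basic login for $user from [IP::client_addr]"
        HTTP::respond 403 content "Access denied" "Content-Type" "text/plain"
        return
    }
    # Case 2: form login (hypothetical path /login). Collect the POST body,
    # capped at 64 KB, so the submitted field can be inspected.
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] eq "/login" } {
        set len [HTTP::header value "Content-Length"]
        if { [string is integer -strict $len] && $len > 0 } {
            if { $len > 65536 } { set len 65536 }
            HTTP::collect $len
        }
    }
}
when HTTP_REQUEST_DATA {
    # Treat the urlencoded body as a query string and decode the field
    # (hypothetical field name "username").
    set user [string tolower [URI::decode [URI::query "?[HTTP::payload]" username]]]
    if { [lsearch -exact $static::blocked_users $user] >= 0 } {
        log local0. "Denied form login for $user from [IP::client_addr]"
        HTTP::respond 403 content "Access denied" "Content-Type" "text/plain"
    }
    # Otherwise the collected request is released implicitly when this event ends.
}
```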
