For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

meena_60183's avatar
meena_60183
Icon for Nimbostratus rankNimbostratus
Dec 17, 2008

removing authorization header for LDAP

Hi All,

 

 

I have looked at some iRule examples that show show to remove the authorization http header but have some hard time making it to work.

 

 

Basically, I have http traffic that needs to be authenticated using LDAP. But I want to remove the authorization http header on the server side. When the LDAP authentication is successful, the users are allowed to see the data.

 

 

I tried "request header erase" on the http profile but it erases it even before the user gets authenticated.

 

 

Also, I found the following irule in the forum but this also erases the authorization information from the header before the authentication.

 

 

when HTTP_REQUEST priority 501 {

 

Remove the Authorization header after the system authorization iRule runs (at priority 500)

 

if {[HTTP::header exists Authorization]} {

 

[serverside {HTTP::header remove Authorization}]}

 

}

 

 

Any ideas?

 

 

Meena

 

 

application delivery
dev
devops
iRules

1 Reply

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Dec 31, 2008
    I think what you're looking for is the AUTH_SUCCESS event. You could set a variable in this event, then in the HTTP_RESPONSE event you could use the HTTP::header remove command if the variable is set, showing that an AUTH_SUCCESS event occured. This way you could remove the header on the server side, but only if the login worked.

     

     

    Sound about right?

     

     

    Colin