For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jimmy_Villafran's avatar
Jimmy_Villafran
Icon for Nimbostratus rankNimbostratus
Nov 06, 2014

Want to send a specific user to a specific node

I'm sure there is a similar thread but I cannot find one for this. I need to make sure a specific user is going to a specific node. The user is utilizing EWS. I have created a pool called EWS_Jail_Pool and a datagroup list called EWS_Jail with the users SamAccountname in there. When I test I'm not seeing anything in the statistics for the single node in the EWS_Jail_Pool nor anything for them in that nodes app logs so I know it isn't going to it. Any assistance would be helpful as I'm pretty new to iRules. Here is what I have so far:

when HTTP_REQUEST { 
if { [HTTP::header value "Authorization"] ne ""}{ 
set user [string tolower [HTTP::username]] 
if { [matchclass EWS_Jail contains $user] } { 
pool EWS_Jail_Pool 
} 
} 
}

Thank you, Jimmy

application delivery
availability
BIG-IP Access Policy Manager (APM)
devops
iRules
LTM
microsoft
security

3 Replies

  • mimlo_61970's avatar
    mimlo_61970
    Icon for Cumulonimbus rankCumulonimbus
    Nov 06, 2014

    Are you using basic auth? I think that header only exists in basic auth. I would add in a log line to see what $user is getting set to.

     

    log local0.debug "username is $user"

     

    right after the set command.

     

  • Jason_Keating's avatar
    Jason_Keating
    Icon for Altostratus rankAltostratus
    Nov 06, 2014

    Is the request going to the default pool ?

     

    Can you post the request so we can have a look, or at log the vaule of "Authorization"

     

    tcpdump -s 1400 -X host -i any host {Virtual IP}

     

    If you have a client_ssl profile use the node IP and port in the tcpdump for the node you suspect the request is hitting.

     

    To log to /var/log/ltm try something like

     

    log local0. "Server:[virtual name] [HTTP::header value "Authorization"] [HTTP::username]"

     

  • Jimmy_Villafran's avatar
    Jimmy_Villafran
    Icon for Nimbostratus rankNimbostratus
    Nov 07, 2014

    So after running this with the debug logs, I try and send data from this user and it doesn't pull anything. It does show entries for the debug and every now and then it will show a user that isn't on the list but still nothing gets sent to that user. Here are the HTTP transactions from the TCPDump. Let me know if you need more info from these dumps. Also I tried another config that I thought might be a bit simpler that I will list at the bottom.

    19243.384521HTTP/XML777POST /EWS/Exchange.asmx HTTP/1.1 , NTLMSSP_AUTH, User: \OPSTEST@TSCHOEPETEST.COM

    19343.384779TCP70http > 64714 [ACK] Seq=575 Ack=2062 Win=66560 Len=0 TSval=176811509 TSecr=2343575884

    19443.760115HTTP/XML898HTTP/1.1 200 OK

    19543.760141TCP7064714 > http [ACK] Seq=2062 Ack=1403 Win=5782 Len=0 TSval=2343576301 TSecr=176811547

    when HTTP_REQUEST { 
    if { [HTTP::uri] contains "/EWS/Exchange.asmx" } { 
        set user [string tolower [HTTP::username]] 
        if { [matchclass EWS_Jail contains $user] } { 
            pool EWS_Jail_Pool
                            return
               }
}

    }