Forum Discussion

Paul_Ryan_73610's avatar
Paul_Ryan_73610
Icon for Nimbostratus rankNimbostratus
May 05, 2011

x-authenticated-user - Web Proxy

Hi Guys,

 

 

Wondering if somebody can help or at least let me know if it would be possible to develop an iRule so that requests to a whitelist of URL's to a web proxy VIP could be intercepted and have an x-authenticated-user header inserted so that when the requests arrive at the proxy it will not send a 407 for authentication for the specific URL. Essentially I am trying to bypass authentication for a number of URL's, where we are using the F5 to load balance our web proxies.

 

 

Thanks

 

2 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Sure, if you had a white-list you'd just need to do a class match and an HTTP::header insert, assuming that your app will trust the x-authenticated-user header and doesn't require some other token. ;)

     

     

    You'd just need a class of IPs:

     

     

    class whitelist {

     

    "/myapp/somepage1"

     

    "/myapp/somepage2"

     

    ....

     

    }

     

     

    And an iRule to look through that class and insert the header if it finds a match.

     

     

    when HTTP_REQUEST {

     

    if {!([HTTP::header exists "x-authenticated-user"]) } {

     

    if { [class match [HTTP::uri] equals whitelist] } {

     

    HTTP::header insert "X-Authenticated-User" "authenticated"

     

    }

     

    }

     

    }

     

     

    Something like that. If you've got any more specific questions or requirements, let me know.

     

     

    Colin
  • Hi Colin,

     

     

    Thanks for the information, just to be clear the whitelist will contain up to 150 URL's of all types of public content. The users browser is explicitly configured to point to the VIP which load balances the proxies which are intended to do authentication except for the sites excluded in my iRule?

     

     

    Thanks