Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Google Authenticator iRule For Two-Factor Auth With LDAP

Problem this snippet solves: This iRule requires LTM v10. or higher. This iRule adds two-factor authentication to a virtual server by combining an LDAP account with a Google Authenticator token. ...
Published Mar 17, 2015
Version 1.0
application delivery
devops
irules
security
Garry1Davies's avatar
Garry1Davies
Icon for Nimbostratus rankNimbostratus
Sep 09, 2016

This works great once you figure out that the posted variables are passed in the payload URI encoded. Reserved characters are replaced with the hex encoded equivalents and thus passwords that contain these are never going to authenticate.

 

To fix this change the code below..

 

  foreach param [split [HTTP::payload] &] {
    set [lindex [split $param =] 0] [lindex [split $param =] 1]
  }

to this

 

foreach param [split [HTTP::payload] &] {
        set [lindex [split $param =] 0] [URI::decode [lindex [split $param =] 1]]
      }