20 Lines or Less #84: iRule Solutions for Basic Auth, Host Rewrites, and Conditional Redirects

What could you do with your code in 20 Lines or Less?

That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

Basic Authentication for Specific Page

https://devcentral.f5.com/s/questions/add-basic-authentication-for-specific-page

Shout out to member Yossi, who came to the table with code in hand trying to protect a specific page with basic authentication. Community stalwart nitass walked Yossi through the final pieces to this workable solution.

 

when HTTP_REQUEST {
  if {not ([string tolower [HTTP::uri]] contains "somepage.jsp")} {
    return
  }
  binary scan [ md5 [HTTP::password]] H* password
  if { [class lookup "[HTTP::username]" authorized_users] equals $password } {
    log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
  } else {
    if { [string length [HTTP::password]] != 0 } {
      log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
    } 
    HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
  }
}

Stream Rewriting

https://devcentral.f5.com/s/questions/irule-to-redirect-traffic-as-well-as-changing-the-url

Member Joseph has a need to mock production in an internal environment, and sought out some help wrapping up his iRule to rewrite the host in both directions between client and server. Several members contributed to what Joseph posted back as a final solution.

 

when HTTP_REQUEST { 
  STREAM::disable
  HTTP::header remove "Accept-Encoding"
  log local0. "Host: [HTTP::host]"
  if { [string tolower [HTTP::host]] equals "www.abc.com.int.xyz.com"} {
    HTTP::header replace "Host" "www.abc.com"}
    pool POOL1
    log local0. "Setting Pool: POOL1"
  }
}
when HTTP_RESPONSE {
  if {[HTTP::header value Content-Type] contains "text"}{
    STREAM::expression {@www.abc.com@www.abc.com.int.xyz.com@@www.def.com@www.def.com.int.xyz.com@}
    STREAM::enable
  }
}

Conditional Redirects on Hostname

https://devcentral.f5.com/s/questions/referencing-the-vs-default-pool-as-destination-in-irule

David had a list of requirements to solve, and one was to send traffic to default pool for some domains but redirecting to SSL otherwise. The switch is a good conditional to use in this case, you can chain multiple hosts to one action. Power user nathan provided a nice solution to David’s requirements.

 

when CLIENT_ACCEPTED {
    # Save the name of the VS default pool
    set default_pool [LB::server pool]
}
when HTTP_REQUEST {
  switch [string tolower [HTTP::host]] {    
    "www.domain-a.de" -
    "www.domain-b.de" -
    "www.domain-c.de" { 
       # send these to default pool
       pool $default_pool 
       }
    default { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
  }
}
Published Jan 07, 2015
Version 1.0
application delivery
devops
http
iRules
No CommentsBe the first to comment