Simple HTTP Authentication server

Problem this snippet solves:

Sometimes you want to have some authentication for a system, but don't want to build an AD server, or connect up to another complex authentication system. This iRule will simplify this and makes it very easy to manage the credentials from the iRule itself. If preferred, you can also put the credentials in a DataGroup, but for ease of (bulk) replacement, this has not been done.


How to use this snippet:

In LTM: Create a new Virtual server, destination IP: <auth-vs-ip>, destination port: 80 (can use SSL if preferred of course), add an HTTP profile and the newly created iRule.


For use in an APM policy:

- Create a new HTTP auth server in APM, authentication type Basic/NTLM, Start URI: http://auth-vs-ip/auth.url

- In your APM Access Policy, create a new HTTP auth agent, referencing the newly created HTTP auth server

Code :

#####################################################################################
# Simple Authentication Server
# v1.0 - Alex Tijhuis
# The iRule is checking for a specific authentication URI, and then 
# checks HTTP Basic authentication for credentials. 
# If the credentials provided match up with the details in the "switch" statement, 
# the iRule responds with an HTTP 200 OK code, otherwise an HTTP 401 authorization required response. 
# Not a lot has been spend on security for this iRule, so probably best to
# only allow internal connections to connect to this iRule (e.g. from internal APM) 
# Additional users can be added by adding extra lines to the "switch" statement
######################################################################################

when HTTP_REQUEST {
    set outcome sad
    if {not ([string tolower [HTTP::uri]] contains "auth.url")} {
        return
        log local0. "No auth request found" 
    }
    switch [HTTP::username] { 
        "student1" { if { [HTTP::password] == "pass1" } { set outcome happy }}
        "student2" { if { [HTTP::password] == "pass2" } { set outcome happy }}
        "student3" { if { [HTTP::password] == "pass3" } { set outcome happy }}
        "student4" { if { [HTTP::password] == "pass4" } { set outcome happy }}
        "student5" { if { [HTTP::password] == "pass5" } { set outcome happy }}
        "student6" { if { [HTTP::password] == "pass6" } { set outcome happy }}
        "student7" { if { [HTTP::password] == "pass7" } { set outcome happy }}
        "student8" { if { [HTTP::password] == "pass8" } { set outcome happy }}
        "student9" { if { [HTTP::password] == "pass9" } { set outcome happy }}
        "student10" { if { [HTTP::password] == "pass10"} { set outcome happy }}
    }
    if { $outcome == "happy" } {
        HTTP::respond 200 content "$outcome"
        #log local0. "User [HTTP::username], successfully logged in"
    }
    else {
        HTTP::respond 401 content "$outcome"
        log local0. "User [HTTP::username], password: [HTTP::password] no dice"
    }    
}

Tested this on version:

15.1
Published May 05, 2021
Version 1.0

Was this article helpful?

No CommentsBe the first to comment