Technical Forum
Ask questions. Discover Answers.

add attribute query f5 apm

herdi
Nimbostratus

Hi experts,

I want to send the OTP to another domain, for example on iRules LX.

to: a@abc.com sends the email, and we want to add an AD attribute (noname) and send to: a@cde.com

The goal is that the OTP code email should go to a@cde.com.

The logic is: if the phone number doesn't exist, send to the user's email.

Thanks

6 REPLIES

lnxgeek
MVP

You can achieve this by using an iRule event in the VPE.

You insert an iRule Event agent at the right place in your logic in VPE and then in the iRule attached to the VS you have access to the different session variables where you can measure and rewrite.

 

We already configured the session in the iRule event on the VS and we set the attribute in the VPE, but when accessing the VPN we did not get the OTP notification. We already checked the attribute name and it matches Active Directory. In the report log, is it possible to see the session attribute and whether the OTP was sent successfully or not?

If we are running debug on the F5, the event process can be seen to make sure of the steps in it.

Thanks

lnxgeek
MVP

I would start to log the relevant variables in the iRule when logging on to get their content.

Then I would run a tcpdump on the unit to see if it tries to send anything out and to where, with what.

Also, have you configured an SMTP relay (System ›› Configuration : Device : SMTP) and do you know if it works?

I have checked the access report but didn't find the variable. How do I check the log for the relevant variable?

If I use tcpdump, should we decrypt the client SSL side only or the server side too? Because we have client and server SSL certificates.

We didn't configure an SMTP relay. This Active Directory is an existing one; we just added a new attribute containing an email address, and the OTP will be sent to the new email, not the existing email.

 

lnxgeek
MVP

Turn up logging to debug for all features, that should give you more information of what is going on in general. I would expect the variables to be logged without it though.

You must configure an SMTP relay, otherwise it doesn't know how to send the OTP:

Screenshot from 2023-04-28 07-00-43.png

Regarding decrypting ssl I would go for both sides. Have a look at Mr. Rahm's solution:

https://community.f5.com/t5/technical-articles/decrypting-big-ip-packet-captures-without-irules/ta-p...

 

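var nodemailer = require('nodemailer');

// ILX method. Parameters as used in mailOptions below:
// [0] user, [1] OTP code, [2] email, [3] phone, [4] department
function send_email (req, res) {
    var transporter = nodemailer.createTransport({
        host: 'xx.xx.xx.xx',
        port: 25,
        secure: false,
        tls: {
            // Disables verification of the relay's TLS certificate
            rejectUnauthorized: false
        }
    });
    var mailOptions = {
        from: '@example.com',
        to: req.params()[2],
        subject: 'User VPN ' + req.params()[0],
        html: "Kode OTP : " + req.params()[1] + "<br />dont share.<br /><br />Email user: " + req.params()[2] + "<br />Phone: " + req.params()[3] + "<br/>Department: " + req.params()[4]
    };
    // The posted code ends at mailOptions; the send and reply below are an
    // assumed completion, and the reply strings are placeholders.
    transporter.sendMail(mailOptions, function (error) {
        res.reply(error ? 'error' : 'sent');
    });
}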

 

Here is the iRule access policy agent event (in the VPE the attribute name is mail):

ACCESS::session data get session.ad.last.attr.mail
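
Added example, not part of any post in this thread: a recipient check that could run before `mailOptions` is built, so an empty or unexpected AD attribute yields a loggable reason instead of a silent non-delivery, and values placed in the HTML body are escaped. The parameter order follows the posted code; `ALLOWED_DOMAINS`, `pickRecipient` and `buildOtpMail` are hypothetical names, and the allow-list and sample values are constructed.

```javascript
// Added example: validate the OTP recipient before building mailOptions.
// Assumed parameter order (as in the posted mailOptions):
// [0] user, [1] OTP, [2] AD mail attribute, [3] phone, [4] department.
const ALLOWED_DOMAINS = ['abc.com', 'cde.com']; // constructed allow-list

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape values that end up inside the HTML body of the mail.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Return { ok: true, to } or { ok: false, reason } so the caller can log
// why no mail went out.
function pickRecipient(mailAttr) {
  const addr = String(mailAttr == null ? '' : mailAttr).trim().toLowerCase();
  // Empty: the attribute was not populated in the session.
  if (addr === '') return { ok: false, reason: 'attribute-empty' };
  // One plain address only: no whitespace/CRLF, list separators or angle brackets.
  if (/[\s,;<>]/.test(addr) || !/^[^@]+@[^@]+$/.test(addr)) {
    return { ok: false, reason: 'malformed-address' };
  }
  const domain = addr.slice(addr.indexOf('@') + 1);
  if (!ALLOWED_DOMAINS.includes(domain)) {
    return { ok: false, reason: 'domain-not-allowed' };
  }
  return { ok: true, to: addr };
}

// Build a nodemailer-style options object, or { error } when nothing is to be sent.
function buildOtpMail(params) {
  const [user, otp, mail, phone, dept] = params;
  const rcpt = pickRecipient(mail);
  if (!rcpt.ok) return { error: rcpt.reason };
  return {
    to: rcpt.to,
    subject: 'User VPN ' + String(user).replace(/[\r\n]/g, ' '),
    html: 'Kode OTP : ' + escapeHtml(otp) + '<br />dont share.<br /><br />Email user: ' +
      escapeHtml(rcpt.to) + '<br />Phone: ' + escapeHtml(phone) +
      '<br/>Department: ' + escapeHtml(dept)
  };
}

// Constructed sample calls.
console.log(buildOtpMail(['herdi', '123456', 'a@cde.com', '', 'IT']));
console.log(buildOtpMail(['herdi', '123456', '', '', 'IT']));
```

Logging the returned `error` value in the ILX method shows at a glance whether the attribute reached the plugin at all.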