Forum Discussion

Frank0ph's avatar
Frank0ph
Icon for Nimbostratus rankNimbostratus
Feb 28, 2020

Bypass security if url contains particular string

hi, I'm quite a newbie to F5 so apologies if I ask stupid questions!   We've got a new requirement to lock down one of our websites with 2FA for all users when accessing the site from outside of...
APM
iRules
security
Juraj's avatar
Juraj
Icon for Cirrus rankCirrus
Feb 28, 2020

You could probably disable APM for every GET request that contains a non-empty "ticket" parameter

when HTTP_REQUEST {
  if { ([HTTP::method] eq "GET") and ([URI::query [HTTP::uri] ticket] ne "") } {
    ACCESS::disable
  }
}
  • Frank0ph's avatar
    Frank0ph
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2020

    Thanks for the responses.

    Juraj your suggestion sounds like what I want.

    Does that imply that the word "ticket" just needs to be included or that there must be some text after the word ticket?

     

    having tested the site we found that If I were to enter the url up to the point of ticket with nothing after it would present a single FA logon page so any rule we put in to allow these links through would need to check for ticket =n with n being anytext.

     

    Apologies if that's what your rule is saying already!

    • Juraj's avatar
      Juraj
      Icon for Cirrus rankCirrus
      Mar 05, 2020

      ne in the iRule stands for “not equal”, so the iRule above expect the parameter “ticket” in the URL to exists and not be empty, i.e. it must have some value. If you know the logic of that value, you could also validate it in your iRule to make sure someone is not bypassing your controls by simply adding a non-empty “ticket” parameter.

       

      I have something similar on our F5, where the iRule lets all POST requests from Slack in to our internal JIRA system, as long as such POST requests contain a specific Slack token.

    • Frank0ph's avatar
      Frank0ph
      Icon for Nimbostratus rankNimbostratus
      Mar 10, 2020

      Thanks Juraj, this looked like the perfect solution but it doesn't seem to be getting through. I've tried to log all of the URI's that come through during the page loading process but can't seem to get the syntax right.

      Do you know what I need to enter to get it to output all of the pages during the connection?

      Alternatively is it possible to log the result from the irule?

    • Frank0ph's avatar
      Frank0ph
      Icon for Nimbostratus rankNimbostratus
      Apr 20, 2020

       

        when I use the Irule that you suggested the site does bypass the Access Policy as requested however the site doesn't load and comes back with failed to load resource for the sites pages (404 not found errors) just getting stuck on a loading page.

       

      Is there anything in the passing of the Irule that would affect the site being able to load? Surely after it has passed it through it should be able to load as normal.

       

      If the rule and access policy are disabled the site loads no problem with no such errors.