iRule - Authorization Bearer / Basic

Question

Hi everyone!I'm trying to "translate" a postman request to an iRule, however, I need help because I have no idea how to handle this in an iRule.When the request is of type BasicAuth, origin service now, BIG-IP must send the attribute in the X-HUB-BASIC header to the API address, the value is received from BasicAuthWhen the request is of the BearerAuth type, origin service now, BIG-IP must send the API address the attribute in the X-HUB-JWT header, the value is received from BearerAuth.Thanks in advance.

petewhite · Accepted Answer

HTTP_REQUEST is in the request which goes to the backend server, HTTP_RESPONSE is for the response from the server to the client. To correct your iRule:
when HTTP_REQUEST {
  if { [HTTP::header Authorization] contains "Basic" } {
    log local0.debug "Basic: [HTTP::header Authorization]"
    HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
  } elseif { [HTTP::header Authorization] contains "Bearer" } {
    log local0.debug "Bearer: [HTTP::header Authorization]"
    HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
  }
}

petewhite · Answer

&nbsp;is actually pretty simple - the relevant piece is the Authorization header. For Basic auth, it starts with the term Basic, for Bearer it starts with the term Bearer.
So the first thing to do is to is to create the pseudocode:
if Authorization header contains Basic
  insert header X-HUB-BASIC with Authorization header
elseif Authorization header contains Bearer
  insert header X-HUB-JWT with Authorization header
endif

To do a proof of concept to detect the difference, try this iRule:
when HTTP_REQUEST {
  if { [HTTP::header Authorization] contains "Basic" } {
    log local0.debug "Basic: [HTTP::header Authorization]"
  elseif { [HTTP::header Authorization] contains "Bearer" } {
    log local0.debug "Bearer: [HTTP::header Authorization]"
  }
}

andreia · Answer

Hi! Thanks for the reply!That insert wouldn't be inside the HTTP_REQUEST, would it?

petewhite · Answer

yes, it would. Presumably you want to insert the HTTP header into the request which goes to the backend server.

andreia · Answer

Yes, I want to insert the header inside the request which goes to the backend server. Actually I don't know if it would be in HTTP_RESPONSE or HTTP_RESPONSE_RELEASE.

Would it be something like this?
when HTTP_RESPONSE {
if { [HTTP::header Authorization] contains "Basic" } {
log local0.debug "Basic: [HTTP::header Authorization]"
HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
} elseif { [HTTP::header Authorization] contains "Bearer" } {
log local0.debug "Bearer: [HTTP::header Authorization]"
HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
}
}

Forum Discussion

iRule - Authorization Bearer / Basic

5 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

ASM irule to disable attack signature authorization header with specific value

Resolve Citrix Secure Ticket Authority (STA)

OWASP Tactical Access Defense Series: Broken Object Level Authorization and BIG-IP APM

Extract Citrix Secure Ticket Authority (STA)

Create Your Own Certificate Authority