Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

iRule - Authorization Bearer / Basic

Andreia
Cirrus
Cirrus

Hi everyone!

I'm trying to "translate" a postman request to an iRule, however, I need help because I have no idea how to handle this in an iRule.
When the request is of type BasicAuth, origin service now, BIG-IP must send the attribute in the X-HUB-BASIC header to the API address, the value is received from BasicAuth
When the request is of the BearerAuth type, origin service now, BIG-IP must send the API address the attribute in the X-HUB-JWT header, the value is received from BearerAuth.

Thanks in advance.

1 ACCEPTED SOLUTION

HTTP_REQUEST is in the request which goes to the backend server, HTTP_RESPONSE is for the response from the server to the client. To correct your iRule:

when HTTP_REQUEST {
  if { [HTTP::header Authorization] contains "Basic" } {
    log local0.debug "Basic: [HTTP::header Authorization]"
    HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
  } elseif { [HTTP::header Authorization] contains "Bearer" } {
    log local0.debug "Bearer: [HTTP::header Authorization]"
    HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
  }
}

View solution in original post

5 REPLIES 5

PeteWhite
F5 Employee
F5 Employee

 is actually pretty simple - the relevant piece is the Authorization header. For Basic auth, it starts with the term Basic, for Bearer it starts with the term Bearer.

So the first thing to do is to is to create the pseudocode:

if Authorization header contains Basic
  insert header X-HUB-BASIC with Authorization header
elseif Authorization header contains Bearer
  insert header X-HUB-JWT with Authorization header
endif 

To do a proof of concept to detect the difference, try this iRule:

when HTTP_REQUEST {
  if { [HTTP::header Authorization] contains "Basic" } {
    log local0.debug "Basic: [HTTP::header Authorization]"
  elseif { [HTTP::header Authorization] contains "Bearer" } {
    log local0.debug "Bearer: [HTTP::header Authorization]"
  }
}

Andreia
Cirrus
Cirrus

Hi! Thanks for the reply!
That insert wouldn't be inside the HTTP_REQUEST, would it?

yes, it would. Presumably you want to insert the HTTP header into the request which goes to the backend server.

Yes, I want to insert the header inside the request which goes to the backend server. Actually I don't know if it would be in HTTP_RESPONSE or HTTP_RESPONSE_RELEASE.

Would it be something like this?
when HTTP_RESPONSE {
if { [HTTP::header Authorization] contains "Basic" } {
log local0.debug "Basic: [HTTP::header Authorization]"
HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
} elseif { [HTTP::header Authorization] contains "Bearer" } {
log local0.debug "Bearer: [HTTP::header Authorization]"
HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
}
}

HTTP_REQUEST is in the request which goes to the backend server, HTTP_RESPONSE is for the response from the server to the client. To correct your iRule:

when HTTP_REQUEST {
  if { [HTTP::header Authorization] contains "Basic" } {
    log local0.debug "Basic: [HTTP::header Authorization]"
    HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
  } elseif { [HTTP::header Authorization] contains "Bearer" } {
    log local0.debug "Bearer: [HTTP::header Authorization]"
    HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
  }
}