Forum Discussion

YossiV
Mar 26, 2019
Solved

Irule to block specific users from login to back office system

Hi guys, I need your help to fine-tune my iRule script. I need to catch the username (convert it to lower case) and then match it to the data group list. If it does not exist in the data group list, send 403. So basically it is a POST method only, and the URI always comes with /login; the payload is form data that contains the username and the password, as you see in the form data. My iRule looks like this:

Code
when CLIENT_ACCEPTED {
    log local0. "[IP::client_addr]: HTTP Client Connected"
}
when HTTP_REQUEST {
    if {([string tolower [HTTP::uri]] ends_with "login") and ([HTTP::method] eq "POST")} {
        # Trigger collection for up to 1MB of data
        if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576} {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        # Check that $content_length is not 0 before collecting
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }
}
when HTTP_REQUEST_DATA {
    # Split the lower-cased payload on double quotes and take the fourth field as the username
    set username [lindex [split [string tolower [HTTP::payload]] "\""] 3]
    log local0. "Split payload and take username"
    if { [class match $username equals BOAgentName] } {
        log local0. "username matches data-group and this connection will be rejected"
        log local0. "BoAgent Blocked. Agent=$username and Source IP=[IP::client_addr],"
        HTTP::respond 403
    } else {
        log local0. "BoAgent Allowed"
    }
}

but it's not working for me. 😞

  • To get the username, use this command:

    set username [URI::query "?[HTTP::payload]" username]

3 Replies

  • It seems like the error is in your username assignment. It doesn't seem to be getting the username properly, at least when I tested it. I wrote this segment of code to grab the value of whatever comes after 'username=' in a urlencoded post.

    log local0. "Payload: [HTTP::payload]"
    # Keep only the part of the body starting at "username"
    set payload [string range [HTTP::payload] [string first username [HTTP::payload]] [string length [HTTP::payload]]]
    # findex: position of the "=" after the field name; lindex: position of the next "&"
    set findex [string first = $payload]
    set lindex [string first & $payload]
    # No "&" found: username is the last field, so read to the end of the string
    if {$lindex == -1} {
        set lindex [string length $payload]
        incr lindex
    }
    log local0. "Modified Payload: $payload"
    # Value sits between the "=" and the "&" (both exclusive)
    set username [string range $payload [incr findex 1] [incr lindex -1]]

    I added in some error handling in case the username value was in different places in the payload. Hopefully, this will solve your problem if you replace your username variable assignment with it.

    If you have any more questions, I am sure I can help.
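Pulling the thread's pieces together, below is a consolidated iRule. It is an added example, not the original poster's code and not an F5-supplied one. It keeps the data-group name BOAgentName from the question and assumes the login form is posted as application/x-www-form-urlencoded with a field named username; a multipart/form-data body would need a different parser (neither body format puts the username at a fixed quote-delimited position, which is why the split-on-quotes extraction in the question does not find it).

```tcl
# Added example (not the original poster's or F5's code): consolidated login
# block rule. Assumes data group "BOAgentName" (from the thread) and a
# urlencoded login form with a "username" field.
when HTTP_REQUEST {
    # Only buffer the body of POSTs to the login URI; everything else passes untouched
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] ends_with "/login" } {
        set len [HTTP::header "Content-Length"]
        # Cap collection at 1MB so an oversized or malformed length cannot tie up memory
        if { $len eq "" || ![string is integer -strict $len] || $len > 1048576 } {
            set len 1048576
        }
        if { $len > 0 } {
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    # URI::query parses a urlencoded string; the leading "?" makes the body look like
    # a query string. It also URL-decodes the value, so "j%2Edoe" becomes "j.doe".
    set username [string tolower [URI::query "?[HTTP::payload]" username]]

    if { $username eq "" } {
        # No username field: log it and let the application return its own error
        log local0. "[IP::client_addr]: login POST without username field"
        HTTP::release
        return
    }

    if { [class match $username equals BOAgentName] } {
        log local0. "BoAgent blocked. Agent=$username Source IP=[IP::client_addr]"
        # Close the connection after responding so nothing else is tried on this TCP session
        HTTP::respond 403 content "Forbidden" "Connection" "close"
        return
    }

    log local0. "BoAgent allowed. Agent=$username"
    HTTP::release
}
```

HTTP::respond inside HTTP_REQUEST_DATA discards the collected body, so a blocked request never reaches the back office; HTTP::release forwards it. Lower-casing before the data-group lookup means the entries in BOAgentName must be stored in lower case as well. Confirm the form's Content-Type in the browser's developer tools before relying on URI::query, since it only understands urlencoded bodies.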