Forum Discussion

ossart_377099's avatar
ossart_377099
Icon for Nimbostratus rankNimbostratus
Jan 08, 2019

validation Irule F5 APM

Hello, I’m not an expert on the rule, so does anyone have a tool or could I validate this rule please?

In the Access Profile :

Irule_Allpriv_Api :

when ACCESS_POLICY_AGENT_EVENT {
  log local0. "avant test id valeur a 5"
  set static::valeur 5
  set static::info "infos irule avant traitement"
  set static::result "appel api allpiv avant traitement"
  if {"[ACCESS::session data get session.custom_event.id]" eq "irule_allpriv_api"} {
    log local0. "irule_allpriv_api alimentation des variables"
    set static::clientID "[ACCESS::session data get session.ldap.last.attr.cn]"
    set valeur 0
    set result "irule api traitement ok"
    ACCESS::session data set session.logon.user.id 0
    ACCESS::session data set session.custom.clientID $clientID
    ACCESS::session data set session.api.allpriv.id $result
    log local0. "variables alimentees"
    set s2 [call /common/HSSR::http_req -uri "https://m.allpriv.com/techzone.sh?id"; \ – 
      virt /common/vs-HSSR-helper -method POST –redir 0 –rbody info]
    if {$s2 == 200} {
      log local0. "retour du serveur ok info= ${info}"
    } else { log local0. "retour du serveur Ko info= ${info}" }
    if { $clientID != "" } { 
      ACCESS::session data set session.logon.user.id 1
    }
  } 
}

thanks you Best regard Alain OSSART @mail : alain.ossart@ca-ts.fr

APM
security

2 Replies

Sort By
  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Jan 08, 2019

    Just a quick visual review. Which got two minor points:

    • Don't use static variables unless you really need too
    • You can ACCESS::policy agent_id instead of [ACCESS::session data get session.custom_event.id]

     

    when ACCESS_POLICY_AGENT_EVENT {
    log local0. "avant test id valeur a 5"
    set valeur 5
    set info "infos irule avant traitement"
    set result "appel api allpiv avant traitement"

    if {[ACCESS::policy agent_id] eq "irule_allpriv_api"} {
        log local0. "irule_allpriv_api alimentation des variables"
        set clientID "[ACCESS::session data get session.ldap.last.attr.cn]"
        set valeur 0
        set result "irule api traitement ok"
        ACCESS::session data set session.logon.user.id 0
        ACCESS::session data set session.custom.clientID $clientID
        ACCESS::session data set session.api.allpriv.id $result
        log local0. "variables alimentees"
        set s2 [call /common/HSSR::http_req -uri "https://m.allpriv.com/techzone.sh?id"; \ –virt /common/vs-HSSR-helper -method POST –redir 0 –rbody info]

        if {$s2 == 200} {
            log local0. "retour du serveur ok info= ${info}"
        } else {
            log local0. "retour du serveur Ko info= ${info}"
        }

        if { $clientID != "" } {
            ACCESS::session data set session.logon.user.id 1
        }
    }
}

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 08, 2019

    Hi,

    I don't understand what this code is expected to do!

    Your code contains wrong commands (Line 3 : set starts with uppercase) You forgot the POST body in your request.

    You can do anything there in the Access Policy:

    1. HTTP Auth (create first a HTTP Auth without "Form Parameter For User Name" / "Form Parameter For Password" values, All Access session variables are entered as %{session.custom.myvar} ) If you want to get data from server (which is a virtual server in your code), you can include in a cookie... HTTP Auth stores cookies in session variable but not body.

    2. Variable Assign :

      session.logon.user.id = variable session.http.last.result
session.custom.clientID = variable session.ldap.last.attr.cn
session.api.allpriv.id = Text "api traitement ok"