is it possible to write a custom http header authentication module? like check a cypto signature and expiration date?
Is it possible to write a custom http header authentication module? If a certain header exists, I'd like to check a cryptographic signature on it and then verify the header hasn't expired. Is there an API or programming language available to implement such a thing on F5 devices?278Views0likes2CommentsHow to set different inactivity and Max session timeouts for the users in the different AD group
Hi friends , I am new to f5 Apms -irules in particular , I would like some hands on my scenario . We have got multiple clients whose session MAX & Inactivity timeouts needs to be different from one another . The resource assignment for the clients are based on the AD group. I've manged to put together a irule and decided to call this irule in the APM Policy just after ad query . I wonder whether this irule script is correct ? and on the apm policy editor , when i select irule-event there is an field where i need to type in Custom-iRule-Event-Agent- ID which is i believe is the irule name !!! when ACCESS_POLICY_AGENT_EVENT { set AdGroup [ACCESS::session data get "session.ad.$name.attr.group.$attr_name"] switch -exact "$AdGroup" { Standard_SSL_Users { ACCESS::session data set session.inactivity_timeout 150 ACCESS::session data set session.max_session_timeout 200 }{ log local0.notice "Inactivity and Max timeout set" } } }522Views0likes5CommentsAPM AD Query fails when using pool
Hi, I need to use the AD Query function at the VPE. For that I created a ADserver object without admin username and password. (If you configure an admin uswername/pwd it fails quering). Now the issue is that it works if I configure one Active Directory server by using the radio buttion "direct". But when I select a pool and configure several Active Directory servers for redundancy, it fails. Looking at the log it says: AD module: ldap_initialize() successful. URI:'ldap://127.7.0.5:389' AD module: Couldn't get ldapHostName for IP address 127.7.0.5. Falling back to reverse DNS record dependency on DNS for AD. The 127.x.x.x IP addresses appear because you craft a pool. If you use the direct radio button, you will see the IP address of the Active Directory server and it is succcesful. I am running 11.5.1.hf9. I need some Active Directory server redundancy, so I was thinking to use a virtual server with loadbalancing across the Active Directory servers. However I get the same errors but then with the IP address of the virtual server.459Views0likes3Comments