Forum Discussion

Cirrus

Dec 10, 2015

Check Authorization / WWW-Authenticate headers

Hi. I am trying to make sure that the user what is trying to/has authenticated to a site w/ Basic Auth matches a user in a list. However, I cannot force the server to prompt if the user/pass is not a...

Cumulonimbus

Dec 11, 2015

Erich,

Do you want to block if the user provide a wrong password and is prompted again by the server?

when HTTP_REQUEST {
    if {[catch {set username [HTTP::username] }]} { set username ""}
    if { $username ne ""} { 
        set user_provided 1
    } else {
        set user_provided 0
    }

}

when HTTP_RESPONSE {
  if { ([HTTP::status] eq "401") && ($user_provided) } { HTTP::respond 403 content "Access is Denied!" }
}

Forum Discussion

Check Authorization / WWW-Authenticate headers

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

JWT authorization with NGINX Ingress Controller

ASM irule to disable attack signature authorization header with specific value

iRule - Authorization Bearer / Basic

OWASP Tactical Access Defense Series: Broken Object Property Level Authorization and BIG-IP APM

Resolve Citrix Secure Ticket Authority (STA)