Forum Discussion

Jeff_Knights_44's avatar
Jeff_Knights_44
Icon for Nimbostratus rankNimbostratus
Dec 06, 2012

local HTTP auth looping? HELP!!!

I recently built a simple irule to do a local HTTP authentication from a datagroup which would block the public from seeing a beta website.

 

I have watched the logs and it says "User XXX has been authorized to access virtual server /Common/TEST_SERVER

 

so it seems the irule is working correctly but the website never comes up, the userid and password screen keep coming up as if in a loop. any suggestions?

 

here is the irule:

 

 

when HTTP_REQUEST {

 

binary scan [ md5 [HTTP::password]] H* password

 

 

if { [class lookup "[HTTP::username]" datagroup_xxx] equals $password } {

 

log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"

 

Insert iRule-based application code here if necessary

 

 

} else {

 

 

if { [string length [HTTP::password]] != 0 } {

 

log local0. "User [HTTP::username] has been denied access to virtual server "

 

}

 

 

HTTP::respond 401 WWW-Authenticate "Basic realm=\"local.loc\""

 

 

}

 

}

 

application delivery
dev
devops
iRules

12 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 06, 2012
    Hi Jeff,

     

     

    Can you try this?

     

     

    
when HTTP_REQUEST {

if {[HTTP::password] eq ""}{

HTTP::respond 401 WWW-Authenticate "Basic realm=\"local.loc\""
} else {
binary scan [md5 [HTTP::password]] H* password
if { [class lookup "[HTTP::username]"  datagroup_xxx] equals $password } {
log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"

 Insert iRule-based application code here if necessary
} else {
HTTP::respond 403 content "blocked!"
}
}
}

     

     

    Aaron
  • Jeff_Knights_44's avatar
    Jeff_Knights_44
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2012
    and the F5 logs showed:

     

     

    User XXX has been authorized to access virtual server /Common/XXXXXXXXXX
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 06, 2012
    If you take the iRule off of the virtual server are you able to access the pool?

     

     

    Aaron
  • Jeff_Knights_44's avatar
    Jeff_Knights_44
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2012
    i just noticed something, the second time the userid/password auth screen comes back is says something about "Sling (Development)" which is not us.

     

     

  • Jeff_Knights_44's avatar
    Jeff_Knights_44
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2012
    I am quickly thinking everything is working as it should but the website sees the AUTH request and somehow the JAVA on the site is reacting...