Forum Discussion

F5-Geek's avatar
F5-Geek
Icon for Nimbostratus rankNimbostratus
Feb 21, 2018

Irule not working

Below is my irule is not working if the URI::query doesn't have the required parameters. Basically i want send respond 200 for successful connection and 401 for incorrect parameter or non parameter Please suggest

 

when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query]

 

if {[info exists $abc]} { HTTP::respond 200 content $abc }

 

}

 

when ACCESS_POLICY_COMPLETED { if {[ACCESS::policy result] equals "allow"} {set abc [class match -value "$xyz" equals USERS_DG] ACCESS::respond 200 content "$abc" log local0. "$abc"} if{not([class match -value ["$xyz"] equals USERS_dg ] ) } {ACCESS::respond 401 content "TEST"}

 

}

 

APM
application delivery
LTM

4 Replies

Sort By
  • rob_carr's avatar
    rob_carr
    Icon for Cirrostratus rankCirrostratus
    Feb 22, 2018

    Slightly easier to read formatting:

    when HTTP_REQUEST { 
  HTTP::header insert "clientless-mode" 1 
  log local0. "clientless-mode 1" 
  set xyz [HTTP::query]
  if {[info exists $abc]} { 
    HTTP::respond 200 content $abc
  }
}

when ACCESS_POLICY_COMPLETED { 
  if {[ACCESS::policy result] equals "allow"} {
    set abc [class match -value "$xyz" equals USERS_DG]
    ACCESS::respond 200 content "$abc" 
    log local0. "$abc"
  } 
  if {not([class match -value ["$xyz"] equals USERS_dg ] ) } {
    ACCESS::respond 401 content "TEST"
  }
}
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Feb 22, 2018

    Just a quick rewrite:

    when HTTP_REQUEST {
    set xyz ""
    HTTP::header insert "clientless-mode" 1
    log local0. "clientless-mode 1"
    set xyz [HTTP::query]
}

when ACCESS_POLICY_COMPLETED {
    if { $xyz ne "" } {
        log local0. "ACCESS_POLICY_COMPLETED: Found query string $xyz."
        if {[ACCESS::policy result] equals "allow"} {
            set abc ""
            set abc [class match -value -- "$xyz" equals USERS_DG]
            if { $abc ne "" } {
                log local0. "ACCESS_POLICY_COMPLETED: $abc : access allowed"
                ACCESS::respond 200 content $abc
                event disable all
                return
            } else {
                log local0. "ACCESS_POLICY_COMPLETED: param not matching acl: access not allowed"
                ACCESS::respond 404 "resource not found."
                event disable all
                return
            } 
        }
    } else {
        log local0. "ACCESS_POLICY_COMPLETED: query string not found."
        ACCESS::respond 404 "resource not found." 
        event disable all
        return
    }
}
  • F5-Geek's avatar
    F5-Geek
    Icon for Nimbostratus rankNimbostratus
    Feb 23, 2018

    when HTTP_REQUEST { set xyz "" HTTP::header insert "clientless-mode" 1 log local0. "clientless-mode 1" set xyz [HTTP::query] }

    when ACCESS_ACL_ALLOWED { set abc "" set abc [class match -value -- "$xyz" equals USERS_DG] if { $abc ne "" } { log local0. "ACCESS_POLICY_COMPLETED: $abc : access allowed" HTTP::respond 200 content $abc event disable all return } else { log local0. "ACCESS_POLICY_COMPLETED: param not matching acl: access not allowed" HTTP::respond 404 "resource not found." event disable all return } 

     if { $abc eq "" } {
    log local0. "ACCESS_POLICY_COMPLETED: query string not found."
    HTTP::respond 401 content "Error: Failure in Authentication" Connection Close
    event disable all
    return

    } }

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Feb 25, 2018

    When working with clientless mode, there is no more interractivity with requestor.

     

    You have to define in the irule how do you get credentials for policy evaluation.

     

    There are some irule on devcentral on how to manage clientless mode like basic authentication, xml parameter or certificate.

     

    How do you want the client authenticate in APM?