Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

APM Web Portal Access URLs for iRules and SSO

Hey

I am trying to publish this post on devcenteral but getting an error that the post was identified as spam “Content has been identified as spam. If this is not the case, please contact devcentral@f5.com.”

This is the post’s details

hey

i am publishing an internal resource using APM. i need to configure SSO and non of the built-ins are suitable for me. i have checked and the application is submitting an HTTP Post to the "/api/account/login" when it starts up. i have configured an iRule that will replace the payload of the JSON and populate it with the username and password of the user. the question is how can i make this iRule only runs on request to the specifix resource. this is the iRule code i am using however i could only match on the specific PATH.

# Collect a request payload
when HTTP_REQUEST {
    
    if {"[HTTP::host][HTTP::path]" eq "/api/account/login"}{
        if {[HTTP::method] eq "POST"}{
            # Trigger collection for up to 1MB of data
            if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
                set content_length [HTTP::header "Content-Length"]
            } else {
                set content_length 1048576
            }
            # Check if $content_length is not set to 0
            if { $content_length > 0} {
                HTTP::collect $content_length
            }
        }
    }
}
when HTTP_REQUEST_DATA {
  # do stuff with the payload
    set newPayload [HTTP::payload]
    log local0. $newPayload
    set username [ACCESS::session data get "session.custom.username"]
    set password [ACCESS::session data get "session.custom.password"]
    set search1 \"username\":\"\"
    set replace1 \"username\":\"$username\"
    set search2 \"password\":\"\"
    set replace2 \"password\":\"$password\"
    set newPayload [string map [list $search1 $replace1 $search2 $replace2] $newPayload]
    HTTP::payload replace 0 $content_length $newPayload
    log local0. [HTTP::payload]
}

the HTTP::host parameter is "https://domain.com/f5-w-687474703a2f2f3137322e31392e34372e3430$$/app/#/login" is the "f5-w-687474703a2f2f3137322e31392e34372e3430$$" string is a static one for an application ? can i use it to verify that the request is for the backend application ?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

687474703a2f2f3137322e31392e34372e3430 (Between f5-w- and $$) is the hex encoded value of http://172.19.47.40

This is how hide multiple servers behind on URL in APM.

0
Comments on this Answer
Comment made 3 months ago by minow123 62

thanks i will check this

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

minow,

This iRule code has a small error.

if {"[HTTP::host][HTTP::path]" eq "/api/account/login"}{

This piece of code is trying to match the host and path to just the path. I would suggest changing it to this.

if {[HTTP::path] eq "/api/account/login"}{

Other than that error, the code seems to work fine for me. If you have 'f5-w-687474703a2f2f3137322e31392e34372e3430$$' set up as a static route, you should be able to use that to trigger your iRule, or if it is a dynamic path name, you could use 'contains' instead of 'eq' to trigger a conditional.

Let me know if you have any other questions.

0
Comments on this Answer
Comment made 3 months ago by minow123 62

thanks for pointing it

0