Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

HTTP::username

Hi All

We have an application that has ssl termination on the f5, but we also have a simple redirect rule that redirects all http trafic to https trafic:

when HTTP_REQUEST {
  HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]"
}

but somewhere in the application is calls a http url with an username and password e.g http://username:password@www.abc.com/.....

I think the above redirect irule throws away the username and password part of the url, can someone direct me to a way to firstly check if there is a username and password and then construct the redirect url with them something in the line of:

when HTTP_REQUEST {
   set username HTTP::username
   set password HTTP::password
   if {[info exists username]}{
      HTTP::respond 301 Location "https://[HTTP::username]:[HTTP::password]@[getfield [HTTP::host] :1][HTTP::uri]"
   } else {
      # No username and password
      HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]"
   }
}
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Are you serious? you still have a http application with authentication in 2018?

and you want to respond in such non encrypted connection a link including non encoded username and password!

For your information, HTTP::username and HTTP::password are commands that return username and password from HTTP BASIC header. If the user authenticate with a form, NTLM or kerberos, this won't return anything.

0