iRule to block blank username/password
Newbie to iRules here so please go easy.
I have been assigned a project to work with one of our applications that now wants to load balance thru our F5 (Gtm WIP and LTM VIP), but they also discovered a security issue with their application. When accessing the appliarion it normally passes thru the users credentials and then if authorized the user gets the requested info, thru the following piece of code
//string dbMotionUsername = ConfigurationManager.AppSettings["dbMotionUsername"];
//string dbMotionPassword = ConfigurationManager.AppSettings["dbMotionPassword"];
//string dbMotionRole = ConfigurationManager.AppSettings["dbMotionRole"];
//string domain = ConfigurationManager.AppSettings["domain"];
//dbMotion.Security.DbmPrincipal principal = dbm.securityhelper.AuthenticationHelper.GetdbMotionPrincipal(dbMotionUsername, domain, dbMotionPassword, dbMotionRole);
//DbmSecurityManager.CurrentPrincipal = principal;
BUT if this code is commented out or the credentials are left blank the requested info is still being returned.
I was wondering if there is an iRule out there or if someone had a similiar issue they resolved thru an iRule that they woudl liek to share.
I am thinking (not sure how to execute) but basically somehow the iRule can find out/verify that credentials are passed and if not terminate the transaction?
Thanks in advance for any help.