Forum Discussion

M_Petr's avatar
M_Petr
Icon for Altostratus rankAltostratus
Sep 11, 2019
Solved

Insert JavaScript only if memberOF equal some value

Hi, everyone.

I have one virtual server, one pool.

My APM with Login + AD auth + AD Query (expr { [mcget {session.ad.last.attr.memberOf}] contains "CN=Group1" }).

I must :

If I have a match with a specific group (Group1), then I insert the JavaScript to HTTP Response;

if there are no matches only HTTP Response.

How can I do this?

 

APM
application delivery
LTM
  • youssef1's avatar
    youssef1
    Sep 11, 2019

    Hi Petr.

    a) So first of you have to be sure that your session is not in progress... it will be success (value == allowed).

    b) in ordre to inject easly your javascript follow my procedure:

    - create a file with your js (myjs.js)

    - Upload it on F5 (Access ›› Webtops : Hosted Content : Manage Files) and attached it to your VS / Policy.

    - On your VPE set a value in order to validate if user is in the right configuration:

    session.logon.custom.grp

    if { [mcget "session.ldap.last.memberOf"] contains "right_GRP") } { return "1" } else { return "0" }

    - Then you have to rewrite the content response using stream profile (of course you have to set a default stream profil in your vs)

    I set you an example of rewriting but you have to adapt stream expression...

    Hope it's clear for you, I don't tested this Irule and I think you have to adapt this irule.

    this Irule (and this way of doing) is going to give you the big lines to follow ...

    when HTTP_REQUEST {
 
set session 0
 
if {[ACCESS::session exists -sid $apm_cookie] and [ACCESS::session data get -sid $apm_cookie session.policy.result] == "allowed" }{
 
	set session 1
 
}
 
}
 
 
 
when HTTP_RESPONSE {
 
set grp [ACCESS::session data get "session.logon.custom.grp"]
 
if {$grp} {
 
  if { ([HTTP::header value Content-Type] contains "text") } {
 
    log local0. "rewrite"
 
    STREAM::expression {@src="script/modernizr.js"></script>@src="script/modernizr.js"></script><script type="text/javascript" src="/public/share/yourjs.js"></script>@ @<body>@<body onLoad="senjson()">@}
    STREAM::enable
  }
}
}

    Regards

2 Replies

Sort By
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Sep 11, 2019

    Hi Petr.

    a) So first of you have to be sure that your session is not in progress... it will be success (value == allowed).

    b) in ordre to inject easly your javascript follow my procedure:

    - create a file with your js (myjs.js)

    - Upload it on F5 (Access ›› Webtops : Hosted Content : Manage Files) and attached it to your VS / Policy.

    - On your VPE set a value in order to validate if user is in the right configuration:

    session.logon.custom.grp

    if { [mcget "session.ldap.last.memberOf"] contains "right_GRP") } { return "1" } else { return "0" }

    - Then you have to rewrite the content response using stream profile (of course you have to set a default stream profil in your vs)

    I set you an example of rewriting but you have to adapt stream expression...

    Hope it's clear for you, I don't tested this Irule and I think you have to adapt this irule.

    this Irule (and this way of doing) is going to give you the big lines to follow ...

    when HTTP_REQUEST {
 
set session 0
 
if {[ACCESS::session exists -sid $apm_cookie] and [ACCESS::session data get -sid $apm_cookie session.policy.result] == "allowed" }{
 
	set session 1
 
}
 
}
 
 
 
when HTTP_RESPONSE {
 
set grp [ACCESS::session data get "session.logon.custom.grp"]
 
if {$grp} {
 
  if { ([HTTP::header value Content-Type] contains "text") } {
 
    log local0. "rewrite"
 
    STREAM::expression {@src="script/modernizr.js"></script>@src="script/modernizr.js"></script><script type="text/javascript" src="/public/share/yourjs.js"></script>@ @<body>@<body onLoad="senjson()">@}
    STREAM::enable
  }
}
}

    Regards