I found this stuff
when HTTP_REQUEST {
enable the clientless-mode so that users will not follow 302 used by APM
HTTP::header replace "clientless-mode" 1
On first request we send the 401 basic auth popup
if { [HTTP::header Authorization] eq "" } {
HTTP::respond 401 WWW-Authenticate "Basic realm=\"srv.example.com\"" Connection close
return
} else {
Extract the username and password from the Authorization header in order to store them in session variables for APM authentication and SSO to back-end server
set username [HTTP::username]
set password [HTTP::password]
}
}
But it does a basic auth first and will logically save the creds in the authorization header.
But I'm lookign for a solution to intercept the form post request.
Any help are kindly appreciated
bb