HTTP Basic Access Authentication iRule Style
Published Sep 30, 2010
Version 1.0
- empty string comparison is quicker than length comparison
- perform basic filtering/evaluation before doing more expensive functions
- redirect on failure instead of allowing an endless loop
- logging should probably not be done on the LTM
```tcl
when HTTP_REQUEST {
    # possible logic to narrow scope to host, path, or individual resource

    # Cheap check first: no credentials supplied, so send the Basic challenge
    if { [HTTP::username] eq "" or [HTTP::password] eq "" } {
        HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
        return
    }

    # Hex-encode the MD5 of the supplied password
    binary scan [md5 [HTTP::password]] H* password

    # authorized_users data group maps username -> hex MD5 of the password
    if { [class lookup "[HTTP::username]" authorized_users] ne $password } {
        log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
        # Redirect on failure instead of re-challenging in an endless loop
        HTTP::redirect "http://yourdomain.com/somewhere_else/denied.html"
        return
    }

    log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
    # remaining logic here ....
}
```
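An offline model of the iRule's decision flow, added here as an example (not code from the original article): it builds the hex-MD5 value that an `authorized_users` record must hold and replays the challenge/deny/allow branches against a header. The function names, the sample user, and the RFC 7617 first-colon split with UTF-8 decoding are assumptions of the example.

```python
import base64
import binascii
import hashlib
import hmac

def datagroup_value(password: str) -> str:
    """Hex MD5 of the password, the form `binary scan [md5 ...] H*` yields."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def parse_basic(header: str):
    """Return (username, password) from an Authorization header, or ("", "")."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return "", ""
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "", ""
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else ("", "")

def decide(header: str, authorized_users: dict) -> str:
    """Mirror the iRule's three outcomes: challenge, deny, allow."""
    username, password = parse_basic(header)
    if username == "" or password == "":
        return "challenge"   # iRule: HTTP::respond 401 WWW-Authenticate ...
    stored = authorized_users.get(username, "")  # class lookup gives "" on a miss
    if not hmac.compare_digest(stored, datagroup_value(password)):
        return "deny"        # iRule: log, then HTTP::redirect
    return "allow"

# Constructed sample data group: username -> hex MD5 of the password.
AUTHORIZED_USERS = {"alice": datagroup_value("s3cret:with:colons")}

def header_for(user: str, password: str) -> str:
    """Build the Authorization header value a client would send."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

if __name__ == "__main__":
    print("alice :=", AUTHORIZED_USERS["alice"])
    print(decide(header_for("alice", "s3cret:with:colons"), AUTHORIZED_USERS))
```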