Forum Discussion

nranadive2024's avatar
nranadive2024
Icon for Nimbostratus rankNimbostratus
Apr 10, 2024

iRule: Content Rewrite

I need to convert the following Apache code to the irule. Based on the 'context-root' /nosaml users should be redirected to the login page, but the irule doesnt seems to work keeps on going to saml authentication.

 

Apache

<Location /spacex/nosaml>
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RewriteEngine On
    # remove /nosaml and add query parameter in place
    RewriteCond %{QUERY_STRING} ^$ 
    RewriteRule /3DSpace/nosaml(.*) https://%{HTTP_HOST}/spacex$1?doSAML=false [P]
    # we need to maintain any query string from web app, but append saml to existing query
    RewriteCond %{QUERY_STRING} !^&
    RewriteRule /3DSpace/nosaml(.*) https://%{HTTP_HOST}/spacex$1&doSAML=false [P]
</Location>

 

F5

################

when HTTP_REQUEST {
  
  set samlConditionalParam "doSAML"
  # we only need to review incoming login requests to 3 dpassport
  if {[string tolower [HTTP::uri]] starts_with "/spacex/nosaml" && [HTTP::uri] contains "login" } {
  # 
    # check query string to make sure it does not already include sam|ConditionalParam
    # or if query string is absent (meaning request for direct access to 3dpassport service
    if {{ [HTTP::query] != "" } && {[HTTP::query] contains $samlConditionalParam }} {
      if{[string match "172.25.*" [IP::client_addr]]} {
      HTTP::uri [НТТР::uri]?[HTTP::query]&$samlConditionalParam=false
        # add sam|ConditionalParam to query string
      }
    }
  }
   

log local0. "HTTP Method = [HTTP::method]"
    log local0. "HTTP URI = [HTTP::uri]"
    log local0. "HTTP Path = [HTTP::path]"
    log local0. "HTTP Query = [HTTP::query]"
    log local0. "HTTP Version = [HTTP::version]"
    log local0. "HTTP Host Header = [HTTP::host]"
    log local0. "HTTP User Agent Header = [HTTP::header value "user-agent"]"
}

  • What are you attempting to do with the following piece of iRule code?

    if{[string match "172.25.*" [IP::client_addr]]} {
          HTTP::uri [НТТР::uri]?[HTTP::query]&$samlConditionalParam=false
            # add sam|ConditionalParam to query string
          }

     

    • nranadive2024's avatar
      nranadive2024
      Icon for Nimbostratus rankNimbostratus

      Thats the source network white listing which can be ignored. When the query+doSAML is false, it has to be redirected to the local authentication & not 'saml'.