Forum Discussion
2 Replies
Sort By
- Kevin_Stewart
Employee
Well, yes of course. There's not much you really can't do with iRules (the F5 programmability API), so such a thing would be extremely reasonable.
when HTTP_REQUEST { if { [HTTP::header exists MYAUTHHDR] } { do something with that header } }
The real question, however, is how you would implement such a thing securely. HTTP headers don't usually provide any sort of challenge-response mechanism, so you'd have to create such a thing, both in iRules AND within the client from scratch, and you'd have to make sure that a) the communication was encrypted, and b) that it is (hopefully) not spoofable.
Better not to re-invent the wheel, especially when it comes to security. Is there any reason you can't use HTTP Basic auth or Client Certificate auth, to name a few examples?