Basic Authentication with aFleX
Quick and dirty way of authenticating users for specific URLs on a VIP.
### START ###
when RULE_INIT {
    # Realm text sent back in the WWW-Authenticate challenge.
    set ::REALM "Password Required"

    # URLs that require authentication. The URL is the array key;
    # the value "1" is only a marker.
    foreach protected_url {
        "/exchange"
        "/exchange/"
        "/sharepoint"
        "/sharepoint/"
    } {
        set ::LISTURL($protected_url) "1"
    }

    # Users allowed to authenticate, as user/password pairs.
    # The passwords are kept in clear text, so anyone who can read this
    # script or the device configuration can read every credential.
    foreach {user_name user_passwd} {
        "randomuser1" "thiswillbeacleartextpassword"
        "randomuser2" "thiswillbeacleartextpassword"
    } {
        set ::DOTPASSWD($user_name) $user_passwd
    }
}
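when HTTP_REQUEST {
    # Enforce HTTP Basic authentication on the URLs listed in ::LISTURL,
    # checking the supplied credentials against ::DOTPASSWD (both arrays
    # are filled in RULE_INIT). Requests outside the list pass untouched.
    #
    # Basic credentials are only base64-encoded on the wire, so this is
    # meant for a virtual port that terminates TLS.

    # Compare the path only, lower-cased. HTTP::uri carries the query
    # string as well, so an exact match on it skips the check as soon as
    # a query string, a sub-path or different letter case is present.
    # NOTE(review): the path is compared as received; confirm the backend
    # does not normalise encoded or dot-segment paths differently.
    set req_path [string tolower [HTTP::path]]
    set protected 0
    foreach entry [array names ::LISTURL] {
        set base [string trimright [string tolower $entry] "/"]
        # An entry of "/" (empty base) covers everything; otherwise match
        # the entry itself or anything below it.
        if { $base eq "" || $req_path eq $base || [string first "$base/" $req_path] == 0 } {
            set protected 1
            break
        }
    }

    if { $protected } {
        # Fail closed: every path that does not end in a successful
        # credential match falls through to the 401 below.
        set authorized 0

        # Reset parse results so a header that fails to parse can never
        # be evaluated against values left over from an earlier request.
        set encoded_string ""
        set decoded_string ""
        set auth_user ""
        set auth_passwd ""

        if { [HTTP::header exists "Authorization"] } {
            set encoded_header [HTTP::header "Authorization"]
            # Only accept a well-formed "Basic <token>" header; the
            # original ignored the regexp result and used the capture
            # variable even when nothing matched.
            if { [regexp -nocase {^\s*Basic\s+(\S+)\s*$} $encoded_header tmpmatch encoded_string] } {
                # Treat undecodable input as a failed login rather than
                # letting a decode error abort the event.
                if { [catch { set decoded_string [b64decode $encoded_string] }] } {
                    set decoded_string ""
                }
                # Split on the FIRST colon: the user name cannot contain
                # one, the password may.
                if { [regexp {^([^:]*):(.*)$} $decoded_string tmpmatch auth_user auth_passwd] } {
                    # NOTE(review): plain string comparison against a
                    # clear-text password; not a constant-time check.
                    if { [info exists ::DOTPASSWD($auth_user)] && $auth_passwd eq $::DOTPASSWD($auth_user) } {
                        set authorized 1
                    }
                }
            }
        }

        if { !$authorized } {
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"$::REALM\""
        }
    }
}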
### END ###
### START ###
when RULE_INIT {
    # Realm text sent back in the WWW-Authenticate challenge.
    set ::REALM "Password Required"

    # URLs that require authentication. The URL is the array key;
    # the value "1" is only a marker.
    foreach protected_url {
        "/exchange"
        "/exchange/"
        "/sharepoint"
        "/sharepoint/"
    } {
        set ::LISTURL($protected_url) "1"
    }

    # Users allowed to authenticate, as user/password pairs.
    # The passwords are kept in clear text, so anyone who can read this
    # script or the device configuration can read every credential.
    foreach {user_name user_passwd} {
        "randomuser1" "thiswillbeacleartextpassword"
        "randomuser2" "thiswillbeacleartextpassword"
    } {
        set ::DOTPASSWD($user_name) $user_passwd
    }
}
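when HTTP_REQUEST {
    # Enforce HTTP Basic authentication on the URLs listed in ::LISTURL,
    # checking the supplied credentials against ::DOTPASSWD (both arrays
    # are filled in RULE_INIT). Requests outside the list pass untouched.
    #
    # Basic credentials are only base64-encoded on the wire, so this is
    # meant for a virtual port that terminates TLS.

    # Compare the path only, lower-cased. HTTP::uri carries the query
    # string as well, so an exact match on it skips the check as soon as
    # a query string, a sub-path or different letter case is present.
    # NOTE(review): the path is compared as received; confirm the backend
    # does not normalise encoded or dot-segment paths differently.
    set req_path [string tolower [HTTP::path]]
    set protected 0
    foreach entry [array names ::LISTURL] {
        set base [string trimright [string tolower $entry] "/"]
        # An entry of "/" (empty base) covers everything; otherwise match
        # the entry itself or anything below it.
        if { $base eq "" || $req_path eq $base || [string first "$base/" $req_path] == 0 } {
            set protected 1
            break
        }
    }

    if { $protected } {
        # Fail closed: every path that does not end in a successful
        # credential match falls through to the 401 below.
        set authorized 0

        # Reset parse results so a header that fails to parse can never
        # be evaluated against values left over from an earlier request.
        set encoded_string ""
        set decoded_string ""
        set auth_user ""
        set auth_passwd ""

        if { [HTTP::header exists "Authorization"] } {
            set encoded_header [HTTP::header "Authorization"]
            # Only accept a well-formed "Basic <token>" header; the
            # original ignored the regexp result and used the capture
            # variable even when nothing matched.
            if { [regexp -nocase {^\s*Basic\s+(\S+)\s*$} $encoded_header tmpmatch encoded_string] } {
                # Treat undecodable input as a failed login rather than
                # letting a decode error abort the event.
                if { [catch { set decoded_string [b64decode $encoded_string] }] } {
                    set decoded_string ""
                }
                # Split on the FIRST colon: the user name cannot contain
                # one, the password may.
                if { [regexp {^([^:]*):(.*)$} $decoded_string tmpmatch auth_user auth_passwd] } {
                    # NOTE(review): plain string comparison against a
                    # clear-text password; not a constant-time check.
                    if { [info exists ::DOTPASSWD($auth_user)] && $auth_passwd eq $::DOTPASSWD($auth_user) } {
                        set authorized 1
                    }
                }
            }
        }

        if { !$authorized } {
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"$::REALM\""
        }
    }
}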
### END ###