Form Authentication with aFleX
A quick and dirty way to do form-based authentication of users for specific URLs on a VIP.
### START ###
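when RULE_INIT {
    # Users allowed to authenticate, as "username" "password" pairs.
    # NOTE(review): the passwords are stored in cleartext inside the rule, so
    # anyone who can read the device configuration, a backup of it, or this
    # script can read every credential. Treat this as a demo only; keep real
    # credentials in an external authentication service or store only salted
    # hashes if the platform offers a way to verify them.
    array set ::DOTPASSWD {
        "randomuser1" "thiswillbeacleartextpassword"
        "randomuser2" "thiswillbeacleartextpassword"
    }

    # Login page returned to unauthenticated clients.
    # The published copy of this rule had lost its HTML tags (only the text
    # "Authentication / Please Authenticate / Username: / Password:" was left),
    # so the markup below is reconstructed. The field names and their order
    # follow what the HTTP_REQUEST_DATA handler parses: form_username first,
    # then form_password. The form posts back to the URL that was requested.
    # The password travels in the request body, so serve this VIP over HTTPS only.
    set ::FORM_CONTENT {<html><head><title>Authentication</title></head><body><h1>Please Authenticate</h1><form method="post">Username: <input type="text" name="form_username"><br>Password: <input type="password" name="form_password"><br><input type="submit" value="Login"></form></body></html>}
}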
when HTTP_REQUEST {
    # client_ip is also read by the HTTP_RESPONSE handler, so it is always set here.
    set client_ip [IP::client_addr]

    # A persistence entry keyed on the source address is this rule's only record
    # of a previous login.
    # NOTE(review): every client that shares this source address (NAT, forward
    # proxy) is treated as logged in once one of them authenticates.
    set known_client [persist lookup uie $client_ip]

    if { $known_client eq "" } {
        if { [HTTP::method] eq "POST" } {
            # Possible login attempt: gather the body so HTTP_REQUEST_DATA can
            # check the credentials.
            HTTP::collect
        } else {
            # Anything else from an unknown client gets the login form.
            HTTP::respond 200 content $::FORM_CONTENT
        }
    }
    # Clients with an existing entry fall through and are forwarded unchanged.
}
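# Check the credentials posted from the login form.
# On success the request is left to be forwarded and the connection is flagged
# so that HTTP_RESPONSE records the client as logged in; on any failure the
# login form is returned again.
when HTTP_REQUEST_DATA {
    set client_ip [IP::client_addr]

    # Connection-scoped flag (no "::" prefix). The original used the global
    # ::AUTHENTICATED, which is shared by every connection and was never reset
    # after the first successful login.
    set authenticated 0

    if { [HTTP::method] eq "POST" } {
        # The request body is deliberately not logged: it carries the submitted
        # password in cleartext and would put it in the device logs.
        set auth_string [HTTP::payload]

        # [^&]* keeps each capture inside its own form field. The regexp result
        # is checked before auth_user is used, because a body without both
        # fields would otherwise leave the variable unset and raise an error.
        # NOTE(review): the captured values are still URL-encoded, so a password
        # with special characters will not equal its cleartext entry - confirm
        # how the platform decodes form bodies.
        if { [regexp -nocase {form_username=([^&]*)&form_password=([^&]*)} $auth_string matchall auth_user auth_passwd]
             && [info exists ::DOTPASSWD($auth_user)]
             && $auth_passwd eq $::DOTPASSWD($auth_user) } {
            set authenticated 1
        }
    }

    if { !$authenticated } {
        # Same response for an unknown user, a wrong password and a malformed
        # body, so the reply does not reveal which usernames exist.
        HTTP::respond 200 content $::FORM_CONTENT
    }
    # NOTE(review): after a successful login the POST, including the password
    # fields, is forwarded to the backend as-is.
}

# Record a successful login once the backend has answered.
when HTTP_RESPONSE {
    # "info exists" covers connections on which HTTP_REQUEST_DATA never ran.
    if { [info exists authenticated] && $authenticated } {
        # The key is passed as $client_ip without braces: braces suppress
        # variable substitution in Tcl, so the original "{ $client_ip }" would
        # store the literal text and never match the lookup in HTTP_REQUEST.
        # 600 is the entry timeout (presumably seconds - confirm for the platform).
        persist add uie $client_ip 600
    }
}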
### END ###