ltm rule event ECA REQUEST DENIED
iRule(1) BIG-IP TMSH Manual iRule(1)
ECA_REQUEST_DENIED
Indicates a failed ECA event
DESCRIPTION
Fired only when the ECA plugin performs authentication and ECA could not verify the validity of the user
credentials. Consequently, this means that the event fired after the client performed NTLMSSP prototocol
(after client sends NTLMSSP_AUTHENTICATE), and before the ECA response of HTTP 401. This event is not fired
when ECA responds with NTLMSSP_CHALLENGE as this is part of NTLM authentication, and is also not fired when
the ECA tries to initiate NTLM authentication in which the client has not sent the credentials yet.
Examples
when ECA_REQUEST_DENIED {
log local0. "username: [ECA::username]"
log local0. "domainname: [ECA::domainname]"
log local0. "hostname: [ECA::client_machine_name]"
log local0. "status: [ECA::status]"
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.3.0 --First introduced the event.
BIG-IP 2020-06-23 iRule(1)