Luiz_Guimaraes_
May 24, 2017

Access allowed when it should be denied

Hi guys

 

I'm implementing APM in a customer environment and we have now run into a problem. The customer has a URL for which I use APM to authenticate and then check the group; if the group is approved, access is permitted. It's working as expected too. But if another user tries to log in to the application using the same machine, access is allowed even though the user isn't in the permitted group.

 

Is it possible to check this again?

 

 

  • Strange. APM uses session-based cookies. When successfully authenticated, it is limited to the scope of a specific browser session. What happens if you open different browser types (IE, Firefox, Chrome) and log in to APM? The expected behavior would be that you have to log in once for each browser.

     

  • Hi Niels, I did it and it works fine. But the problem still persists when I call another URI in the same HTTP_HOST using the same browser. Someone said that I need to configure V2V (Virtual-to-Virtual) using 1 VIP LTM with an iRule redirecting to the other virtual.

     

    My iRule has a switch statement and it works as expected, but when it goes to redirect to /my.policy to authenticate, the traffic is denied because the iRule is validated again and the new URI is not defined there.

     

    Do you have any suggestion?

     

    Tks

     

    Luiz