Forum Discussion
Sonny
Cirrus
CirrusAllowing users to access a VS while it's in maintenance mode
I wanted to get the community input as to what's the best way to go about letting users access a VS when you've have attached an irule which puts it in maintenance mode. Basically, the irule directs ...
Hi,
you can try something like that
when HTTP_REQUEST { if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/" } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } { pool maintenance } }then in the browser, request
all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.http://www.company.com/?bypassMaintenance=trueto reactivate maintenance mode for this session, request
. it will remove the cookie.http://www.company.com/?bypassMaintenance=false
Jason0_309417Cirrus
CirrusHere's what I use to accomplish this:
- An APM policy that prompts for client certificate
- A datagroup that lists users (by cert subject) who are allowed to acces sites down for maintenance
- An iRule that determines if users are are allowed to bypass maintenace mode (based off cert subject)
- An iFile to display a maintenace message page
If users aren't in the bypass datagroup they see an error message generated from the iFile. If you don't use PKI, you could always use client IP, username/password, or something else to identify users.
when ACCESS_ACL_ALLOWED priority 500 {
set employee [ACCESS::session data get "session.ssl.cert.subject"]
if { [class match $employee equals maint_bypass.dg] } {
log local0. "[virtual] maintenance mode bypassed by user: [$employee]"
} else {
ACCESS::respond 200 content [ifile get Maintenance_Banner.html] "Content-Type" "text/html"
}
unset employee
return
}
}