Forum Discussion
Stanislas_Piro2
Nov 01, 2018
Cumulonimbus
You can also try this code...
    when HTTP_REQUEST {
        # store the request path and query for the redirect sent on a 401
        set uri_path [HTTP::path]
        set uri_query [HTTP::query]
        set apm_sessionid [HTTP::cookie value MRHSession]
        set apm_sessionid_401 [HTTP::cookie value MRHSession_401]
        set inject_401_cookie 0
        set delete_401_cookie 0
        if { ( [URI::query [HTTP::uri] forceauth] == 1 ) } {
            # forceauth=1 marker present: start access policy evaluation
            # remove any previous session that was not established
            ACCESS::session remove
            ACCESS::session create -timeout 1800 -lifetime 0
            # strip the forceauth=1 marker from the query
            # ("forceauth=1" on its own is 11 characters, so the query is dropped entirely)
            HTTP::uri "$uri_path[expr {[string length $uri_query] == 11 ? "" : "?[string map {"forceauth=1\&" "" "\&forceauth=1" "" "forceauth=1" ""} $uri_query]"}]"
            set apm_req 1
        } elseif { $apm_sessionid_401 equals $apm_sessionid } {
            # both cookies carry the same session ID
            set apm_req 1
        } elseif { $apm_sessionid_401 equals "" } {
            # APM session disabled until logon process is started
            ACCESS::disable
            set apm_req 0
        } elseif { [ACCESS::session exists -state_allow $apm_sessionid] } {
            # normal post-policy request with the MRHSession_401 cookie out of sync
            set apm_req 1
            set inject_401_cookie 1
        } else {
            # APM session disabled until logon process is started
            ACCESS::disable
            set apm_req 0
            set delete_401_cookie 1
        }
    }
    when HTTP_RESPONSE {
        log local0. "apm_req was $apm_req"
        # capture the 401 that asks the client to authenticate
        if { ([HTTP::status] eq "401") and ($apm_req eq 0) } {
            # initiate access policy processing
            log local0. "apm_req was $apm_req so redirecting"
            HTTP::respond 307 noserver Location $uri_path?[join "$uri_query forceauth=1" &] Connection Close
        }
        if {$inject_401_cookie} {
            HTTP::cookie insert name MRHSession_401 value $apm_sessionid path "/"
            HTTP::cookie secure MRHSession_401 enable
        } elseif {$delete_401_cookie} {
            # overwrite the stale cookie and expire it immediately
            HTTP::cookie insert name MRHSession_401 value deleted path "/"
            HTTP::cookie expires MRHSession_401 0 absolute
            HTTP::cookie secure MRHSession_401 enable
        }
    }
The goal of this version is to prevent a session ID check on every request.
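
The query-string round trip used by the iRule above (append forceauth=1 on the 401 redirect, strip it when the client returns), as an added example in plain Tcl for tclsh that is not part of the original post. The proc names are hypothetical, and the helper compares whole parameter names rather than substrings, so a parameter such as xforceauth=1 is left intact.

```tcl
# Added example, not the poster's code. Proc names are hypothetical.

# Drop every pair whose key is exactly $name from a raw query string.
proc strip_param {query name} {
    set kept {}
    foreach pair [split $query &] {
        if {$pair eq ""} { continue }
        # The key is everything before the first "=".
        set key [lindex [split $pair =] 0]
        if {$key ne $name} { lappend kept $pair }
    }
    return [join $kept &]
}

# Location value for the 307 sent when the back end answers 401.
proc redirect_uri {path query} {
    if {$query eq ""} {
        return "$path?forceauth=1"
    }
    return "$path?$query&forceauth=1"
}

# URI passed to the back end once the marker has been removed.
proc rewrite_uri {path query} {
    set q [strip_param $query forceauth]
    if {$q eq ""} {
        return $path
    }
    return "$path?$q"
}

# Constructed sample queries: empty, ordinary, and a look-alike parameter name.
foreach q [list "" "a=1&b=2" "xforceauth=1&a=1"] {
    set loc [redirect_uri /app $q]
    set returned_query [string range $loc [expr {[string first ? $loc] + 1}] end]
    set back [rewrite_uri /app $returned_query]
    puts [format "%-20s -> %-36s -> %s" "\"$q\"" $loc $back]
}
```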