For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JD1's avatar
JD1
Icon for Altostratus rankAltostratus
Jul 10, 2019
Solved

APM - Multiple sessions per single VS and APM profile/policy.

Hi All,   I've a scenario where multiple URLs land on a policy and the result is determind by the URL originally reached. As expected though, once the policy is completed for one browser session...
application delivery
BIG-IP Access Policy Manager (APM)
  • Nicolas_Destor's avatar
    Nicolas_Destor
    Jul 11, 2019

    It is not dedicated only to SWG, you can use with APM also to improve security of a webtop for example. When you attach a per-request policy to your VS, all your client requests are evaluated by this policy.

     

    With a URL_branching box at the begining of the policy, you can decide what action to perform (like a new authentication) according to the URL requested by the client. The session variable to use is "perflow.category_lookup.result.url". Hope it's clear.

Nicolas_Destor's avatar
Nicolas_Destor
Icon for Cirrostratus rankCirrostratus
Jul 22, 2019

That works with LTM+APM mode and webtop mode also. I never tried with connectivity ressource like RDP or VPN, only with portal access. If the URL requested when clicking on the resource can be determined, then per-request policy can be invoked.

 

As you described your solution, a per-request policy instead of an iRule should be possible normally. The advantage of that is to keep the same APM session between each VS.