Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Franco_30420's avatar
Franco_30420
Icon for Nimbostratus rankNimbostratus
May 13, 2014

APM - Negate an expr

Hi,   I would like to negate an expr in my VPE, so i can test that a session variable does not contain a specific string.   I have tried to set the negation logical operator (! or "not") but it...
BIG-IP Access Policy Manager (APM)
deployment
security
nirobi03_194837's avatar
nirobi03_194837
Icon for Nimbostratus rankNimbostratus
Apr 14, 2015

I was having a similar issue and that worked for me as well. I wanted to assign Portal Access to all users unless they are in a specific AD Group.

 

I had an issue with spaces in the string. I had the ability to re-name the AD Group and removed spaces, but I am sure there is a way to make it work with spaces.

 

expr { [string match -nocase * AD Group Name * [mcget {session.ad.last.attr.memberOf}]] == 0 }

 

  • didnt work with spaces

expr { [string match -nocase * "AD Group Name" * [mcget {session.ad.last.attr.memberOf}]] == 0 }

 

  • didnt work with spaces and quotes

expr { [string match -nocase * ADGroupName * [mcget {session.ad.last.attr.memberOf}]] == 0 }

 

  • Since I was able to change the AD name, worked without spaces

If somebody would be able to provide an answer for getting this to work with spaces, that will be beneficial since changing the name or value isn't always possible.