Forum Discussion

vmunier_96939's avatar
Icon for Nimbostratus rankNimbostratus
Oct 23, 2013

APM authentication only for some urls

Hi, I have one virtual server defined in LTM. ( I would like to use APM to authenticate users accessing to my virtual server, but only for some URLs ( Others url must be accessible whitout authentication. I don't know really how to do that. I have tried to insert an access policy agent event to set a custom session variable based on the requested uri:



For this irules event, i have defined 2 branches: if Needauthentication ==0 so final action is ALLOW (no authentication):


The problem i see is the HTTP::uri in ACCESS_POLICY_AGENT_EVENT is "/renderer/agent_irule_event_form.eui" and not the original requested uri. Is it possible to retrieve the original requested uri from an ACCESS_POLICY_AGENT_EVENT ?


Maybe there is another method to do that? I would kike to avoid create another webservice only for unauthenticated url. If you have any idea? Thanks .


5 Replies

  • Hi, I have just find the variable {session.server.landinguri} so i can't now check the requested url to redirect or no to the external logon page. But a have a second problem: If the first requested url is "public" (not a protected url), i am allowed to acces it (it's good) but i'm also allowed for all the next requested url, even those in the protected folder (/EspacePersonnel/...)... I think I really have not used the right way to do it...
  • Hi, there is a box LandingURI, simpler than an irule, and you can set the right authentication steps just after. For ie, /public --> no auth. Else AD auth.


    Now, when user is granted, you want to allow only a part of the tree, correct ? In that case, you need to set ACL and assign ACL to the right branch.


    By default, when APM session is granted, all resources are allowed. You need to set ACL L7.


    En espérant que cela vous aide ;-)




  • Hi Matt, Thanks you for your advices. I'll try it. I have also find another way to authenticate the user only for some urls: with an very simple irules linked to my web service: when HTTP_REQUEST {


    Authenticate only for the /private folder:

    if {[HTTP::path] starts_with "/private"} { ACCESS::enable } else { ACCESS::disable } } It's working good for my needs.


  • How can I set it?

    I want to disable authentication for a specific url.

  • Has anyone tried this on OWA iapp template 1.6.2 when its working with APM access policy?