For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 29, 2013

I'm also going to assume that you do not see the logon page, and that is to be expected with clientless-mode. The primary use case for clientless-mode is to disable the default HTTP redirect mechanism that APM uses to start a policy evaluation. With clientless-mode enabled, the client is NOT redirected to the special policy URI (/my.policy), but rather "falls through" the policy. The session token that is normally sent in the first redirect is now sent in the FIRST RESPONSE from the server. The down side of clientless-mode is that it doesn't generally allow for "blocking" policy objects like message boxes, logon pages, and webtops. AAA objects and SSO do still work.