For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rafaelbn's avatar
rafaelbn
Icon for Cirrostratus rankCirrostratus
Jan 09, 2018

Woohoooo!

It worked!!! \o/

This is the final iRule.

when ACCESS_POLICY_AGENT_EVENT {
     if { [ACCESS::policy agent_id] eq "irule_SMS" } {
            if {[active_members pool_SMS] > 0} {
                ACCESS::session data set session.custom.sms_server "up"
            } else {
                ACCESS::session data set session.custom.sms_server "down"
        }
      }
}

The policy was like this:

The iRule event like this:

And the branch rule like this:

Believe it or not, I got stuck because I forgot to apply this iRule under the VS that this APM policy is running.

Session variables were logged like this:

5c319b08.session.custom.sms_server 4 down
e33364e8.session.custom.sms_server 2 up

In this specific test, the result was that when the pool_SMS was available (active members were greater than zero), user got the logon page and when pool_SMS was down (active members was zero), user got the message box. Now I just have to replicate this on my environment before the MFA policy block.

Thanks Daniel! Really appreciate the help!