For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Alam_45640's avatar
John_Alam_45640
Historic F5 Account
Sep 08, 2014

You should check for the agent id since you may call the agent from multiple places/branches within the VPE. The only way the iRule knows where the agent was called from is by inspecting the agent_id. 

when ACCESS_POLICY_AGENT_EVENT { 
     if { [ACCESS::policy agent_id] eq "time_to_inspect_username" } {
         set user [ACCESS::session data get session.logon.last.username]
         if { [class match $user equals DataGroupList_A] } { 
            ACCESS::session data set session.logon.last.username_found_in_list 1
         } else {
            ACCESS::session data set session.logon.last.username_found_in_list 0
         }
      }
}

After the Agent is called, you can use an Empty Agent to istpect the new variable session.logon.last.username_found_in_list and branch accordingly.

To troubleshoot view the session variable for an Active session under Reports/sessions. Then drill down to the variable session.logon.last.username_found_in_list and see if it is being set properly.

You can also add log commands to the irule to send messages to the /var/log/ltm.

You can also add message popup to the policy to view the variable ${session.logon.last.username_found_in_list}.

HTH