For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Telnet_178675's avatar
Telnet_178675
Icon for Nimbostratus rankNimbostratus
Sep 16, 2016

APM Irule to Select Pool

we have iapp Irule for APM , which Send Exchange Traffic to Certain Pool based on URI ( OWA to Pool-OWA , Active Sync to Pool-Sync ) it is Working Fine However we need to Exclude Certain AD Group to be redirected to Certain Pool Pool-Exclude , we did another Irule & it seems matching but after it Matches the Original APM Irule Overrides it How to Combine Two Irule Together ?

 

application delivery
BIG-IP Access Policy Manager (APM)
iRules

2 Replies

  • Telnet_178675's avatar
    Telnet_178675
    Icon for Nimbostratus rankNimbostratus
    Sep 16, 2016

    Our Custom Irule :

    when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "activesync" } { pool Pool-Exclude

     }

    }

    Iapp Irule :

    when ACCESS_ACL_ALLOWED { set sessionid [ACCESS::session data get "session.user.sessionid"] switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync" { TCP::idletime 1800 pool /Common/Test-Irule-test.app/Test-Irule-Test_pool7 persist uie $sessionid 7200 COMPRESS::disable CACHE::disable return } "/owa" {

            pool /Common/Test-Irule-test.app/Test-Irule-test_owa_pool7
        log local0. "Irule excuted"
        if { [ACCESS::session data get "session.custom.owa.trusted"] == 0 }  {
            if { [HTTP::cookie exists "PrivateComputer"] }  {
                HTTP::cookie remove "PrivateComputer"
            }
        }
persist uie $sessionid 7200
        return
    }
    "/ews*" {
        pool /Common/Test-Irule-test.app/Test-Irule-test_ews_pool7
persist uie $sessionid 7200
        COMPRESS::disable
        CACHE::disable
        return
    }
    "/ecp*" {

        pool /Common/Test-Irule-test.app/Test-Irule-test_owa_pool7
persist uie $sessionid 7200
        return
    }
    "/oab*" {
        pool /Common/Test-Irule-test.app/Test-Irule-test_ews_pool7
        persist none
        return
    }
    "/rpc/rpcproxy.dll*" {
        pool /Common/Test-Irule-test.app/Test-Irule-test_oa_pool7
        COMPRESS::disable
        CACHE::disable
persist uie $sessionid 7200
        return
    }
    "/autodiscover*" {

        persist none
        return
    }
    default {
         This final section takes all traffic that has not otherwise
         been accounted for and sends it to the pool for Outlook Web
         App
        pool /Common/Test-Irule-test.app/Test-Irule-test_owa_pool7
persist uie $sessionid 7200
    }
}

    } when HTTP_RESPONSE { if { ( [HTTP::header exists "WWW-Authenticate"] && [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate" ) || ( [HTTP::header exists "Persistent-Auth"] && [string tolower [HTTP::header "Persistent-Auth"]] contains "true" ) } { ONECONNECT::reuse disable ONECONNECT::detach disable NTLM::disable } if {[HTTP::header exists "Transfer-Encoding"]} { HTTP::payload rechunk } }