For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AngryCat_52750's avatar
AngryCat_52750
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

APM Logout page redirect

We have built out a custom APM login page that does AD auth for us in the back-ground. Is there are a way, if the user enters in incorrect credentials to redirect them to the login page again instead of us seeing the default F5 error page??

I tried this with a 302 redirect but got stuck in a loop...

    when HTTP_REQUEST {
            switch -glob [string tolower [HTTP::uri]] {        
                "/vdesk*" { HTTP::respond 302 Location "http://login.example.com/" }
                 } }

Any ideas??

application delivery
BIG-IP Access Policy Manager (APM)
deployment
design
devops
iRules
security

2 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 24, 2013

    A logon page, by default, should give the user three tries before failing to the error page. Do you want it to go back to the logon page instead?

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 24, 2013

    I came across something similar recently. The AD auth agent doesn't function the way you might think it does, and it won't generally allow you bounce back to the logon page after a set number of tries, or fail to another AD auth agent for that matter. The way we handled it was by first querying the directories (AD or LDAP query) for the user, and then performing the AD auth based on the known AD domain. You might alternately try to invalidate the APM session and then issue the redirect, but I'm not 100% certain that'll work either.