Forum Discussion

Nimbostratus

Apr 17, 2019

APM session expired HTTP code

Hello community, I am facing an interesting situation with F5 APM being deployed as a proxy in front of an application. A little background: the application itself is a mix of HTTP/AJAX/JS which...

application delivery

BIG-IP Access Policy Manager (APM)

Kai_Wilke

MVP

Apr 17, 2019

Hi JevgeniR,

APM does not utilize a specific response page for expired sessions. It just starts a new APM session and then redirects the user to /my.policy.

To stop those background JSON request from creating new APM sessions and also to respond those request with a 403 - Access Denied status code, you could attach the iRule below to your Virtual Server.

when ACCESS_SESSION_STARTED {
  if { [HTTP::header value "Accept"] starts_with "application/json" } { 
    ACCESS::session remove ACCESS::respond 401 "Access Denied" 
  } 
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM session expired HTTP code

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

irule help - pool command and ERR_RTE Routing problem

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Credentialed Scanning - F5OS - Rseries

F5 Big-IQ read-only API username creation.

Will the F5 BIG-IP DDoS Hybrid Defender(DHD) be available on a platform like F5OS/rSeries

Related Content

HTTP Session Limit

HTTP session limit

Cache Expire

LTM Certificate expire

Identify and cleanse expired and soon to expire certs from BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS