Forum Discussion

Shyam_Shukla's avatar
Shyam_Shukla
Icon for Nimbostratus rankNimbostratus
Aug 17, 2019

Apply per-session policy only for given set of URLs

Hello All,

 

Our per-session policy is configured to have SAML authentication. By default, all the incoming requests to Virtual Server require SAML authentication but our requirement is to apply per-session policy (i.e. SAML authentication) only for given set or URLs and rest of the URLs should be whitelisted (i.e. per-session policy should not be applied).

 

I've implemented below iRule to implement above requirement. Please help to review it and let me know if it needs any changes to fulfill this use-case:

 

when RULE_INIT {

   # data groups - list of URIs that should to allowed through per-session policy

   set static::secure_url_list secure_urls_list ;

}

 

when HTTP_REQUEST {

 

       if {[class match [HTTP::path] equals $static::secure_url_list]} {;

                   log local0.debug "Found [HTTP::path] in secure_url_list"

                   ACCESS::enable

       } else {

                ACCESS::disable

   }

 }

 

Thanks,

Shyam

  • Hi,

    Can you try this iRule without RULE_INIT?

    when HTTP_REQUEST {
    	if { class match [HTTP::path] equals secure_urls_list } {
    		log local0.debug "Found [HTTP::path] in dg_secure_urls_list"
    		ACCESS::enable
    	} else {
    		# log local0.debug "Not found [HTTP::path] in dg_secure_urls_list"
    		ACCESS::disable
        }
    }

2 Replies

  • Hi,

    Can you try this iRule without RULE_INIT?

    when HTTP_REQUEST {
    	if { class match [HTTP::path] equals secure_urls_list } {
    		log local0.debug "Found [HTTP::path] in dg_secure_urls_list"
    		ACCESS::enable
    	} else {
    		# log local0.debug "Not found [HTTP::path] in dg_secure_urls_list"
    		ACCESS::disable
        }
    }