Forum Discussion
Apply per-session policy only for given set of URLs
Hello All,
Our per-session policy is configured to have SAML authentication. By default, all the incoming requests to Virtual Server require SAML authentication but our requirement is to apply per-session policy (i.e. SAML authentication) only for given set or URLs and rest of the URLs should be whitelisted (i.e. per-session policy should not be applied).
I've implemented below iRule to implement above requirement. Please help to review it and let me know if it needs any changes to fulfill this use-case:
when RULE_INIT {
# data groups - list of URIs that should to allowed through per-session policy
set static::secure_url_list secure_urls_list ;
}
when HTTP_REQUEST {
if {[class match [HTTP::path] equals $static::secure_url_list]} {;
log local0.debug "Found [HTTP::path] in secure_url_list"
ACCESS::enable
} else {
ACCESS::disable
}
}
Thanks,
Shyam
Hi,
Can you try this iRule without RULE_INIT?
when HTTP_REQUEST { if { class match [HTTP::path] equals secure_urls_list } { log local0.debug "Found [HTTP::path] in dg_secure_urls_list" ACCESS::enable } else { # log local0.debug "Not found [HTTP::path] in dg_secure_urls_list" ACCESS::disable } }
Hi,
Can you try this iRule without RULE_INIT?
when HTTP_REQUEST { if { class match [HTTP::path] equals secure_urls_list } { log local0.debug "Found [HTTP::path] in dg_secure_urls_list" ACCESS::enable } else { # log local0.debug "Not found [HTTP::path] in dg_secure_urls_list" ACCESS::disable } }
- Shyam_ShuklaNimbostratus
Thank you for your suggestions. It works fine.
Shyam
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com