For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

navgup_66025's avatar
navgup_66025
Icon for Nimbostratus rankNimbostratus
Aug 08, 2013

Auth_Status and Persist

1) I have PoolK and PoolF and default pool has to be PoolK   2) first client request always go to PoolK   3) Check if client has been authenticated to PoolK using Auth_status command, if YES pe...
application delivery
dev
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 10, 2013
I think the bigger issues are this:

1. When the server sends back a 401, presumably to request authentication, you're immediate changing that to a 302 redirect. I don't suspect you're getting prompted for authentication??

2. If you let the 401 through to the client (don't do the redirect), then you should only need to check for the existence of the "PD-S-SESSION-ID-PROD2" cookie (sent in the 401) on each future request to send traffic back to poolK. So perhaps something like this: 


when HTTP_REQUEST {
    if { ( [string tolower [HTTP::uri]] starts_with "/nad" ) or ( [HTTP::cookie exists PD-S-SESSION-ID-PROD2] ) } {
        pool poolK
    }
}

You would also want to enable a OneConnect profile and (simple) cookie persistence.