For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jan 29, 2018

BigIP APM 12.1.3: username variable session.logon.last.username empty

variable was working in 11.5.   variable is working in chrome and firefox.   variable is not working in IE 11.   Any clues?   variable is used in an AD Query:   (sAMAccountName=%{sessi...
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jan 30, 2018

I have an irule which triggers an access policy based on a condition => $EnableAPMPolicy equals 1

 when HTTP_REQUEST {
ACCESS::disable     
if { $EnableAPMPolicy equals 1 } {       
    ACCESS::enable
}

}

So by default I set ACCESS::disable in the HTTP_REQUEST. This was preventing IE from getting the username variable somehow. I added a condition which only calls ACCESS:disable if $PolicyEnabled = 0 Now IE is happy and variable is passed along.

     when HTTP_REQUEST {

if { $EnableAPMPolicy equals 0 } {       
    ACCESS::disable
}

if { $EnableAPMPolicy equals 1 } {       
    ACCESS::enable
}

}

JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jan 30, 2018

After some tests this configuration interferes with office web apps. I have to keep the access:disable by default. Anyone know why this prevents IE from passing the session variable in APM?