For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Frank0ph's avatar
Frank0ph
Icon for Nimbostratus rankNimbostratus
Feb 28, 2020

Bypass security if url contains particular string

hi, I'm quite a newbie to F5 so apologies if I ask stupid questions!   We've got a new requirement to lock down one of our websites with 2FA for all users when accessing the site from outside of...
BIG-IP Access Policy Manager (APM)
iRules
security
NAG's avatar
NAG
Icon for Cirrostratus rankCirrostratus
Feb 28, 2020

Hi,

 

I believe you are going down the wrong way.

Once the MFA is successful, APM creates a session and tracks every transaction going through it by validating tokens and session cookies.

Access policy is to allow access to a authenticated user. if you want to use a iRule to bypass Access Policy if it contains a token, how do you validate the token/ticket?

 

We need to know more on the flow and access control requirements to guide you in the rite direction

 

Thank you,

Nag