Forum Discussion
NimbostratusCapture Device ID(ASM Fingerprint) within an access policy under APM module.
AltocumulusHi Sarthak,
You can pass the ASM Device ID as part of HTTP Header to APM.
So basically, it will be three steps process:
1) Insert ASM Device ID to HTTP Header.
Inside your existing ASM iRule, add this code:
when ASM_REQUEST_DONE {
set device_id [ASM::fingerprint]
set ip [IP::client_addr]
log local0. "Device ID: $device_id, IP: $ip"
}
when HTTP_REQUEST_SEND {
clientside {
# Need to force the host header replacement and HTTP:: commands into the clientside context
# as the HTTP_REQUEST_SEND event is in the serverside context
HTTP::header insert "device_id" "$device_id"
}
}
2) Extract Device ID from HTTP Header and set it as a custom variable in APM.
Create a new iRule and call it in your APM policy:
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when ACCESS_SESSION_STARTED {
#push the device id from the HTTP header to the access policy. Below line brings the device_id value from ASM iRule to APM iRule.
set device_id [HTTP::header value "device_id"]
log "http request to [HTTP::uri] with device_id: $device_id"
ACCESS::session data set "session.custom.device_id" "$device_id"
# Above line defines the custom device_id variable for APM session because in APM device_id variable does not exist.
3) Now you can use this new APM session variable in your access policy: [ACCESS::session data get "session.custom.device_id"]
I hope it helps.
Regards
