Forum Discussion
NimbostratusChange Redirect Location for APM-OAM Response
When an unauthenticated user tries to access a VS that has the OAM WebGate enabled on it, is there a way to change the redirect sent back to the user using an iRule?
I tried to create an iRule for HTTP_RESPONSE, but it doesn’t appear that the response from the WG triggers this event. I see the request go to HTTP_REQUEST, and then to the OAM WG where the redirect to the login page occurs, but haven’t found any iRule events where I could change the 302.
Any thoughts or suggestions are appreciated.
3 Replies
- Kevin_Stewart
Employee
You mention APM here, so can I assume you mean the 302 redirect to /my.policy? If so, changing that would break the policy.
aaron_l_134531Kevin,
Yes, the /obrareq.cgi 302.
I have a sideband request that calls off to a service that does the authentication piece with OAM and returns an obssocookie, then the iRule does a set of the cookie, the APM/OAM WG do the session validation/ATZ on the user, and allow the user access to the protected resource. All of that is done without being directed to the standard obrareq + cred collect process.
The issue comes when a user's session in OAM becomes invalid (timeout/deleted). When that happens, I was looking to intercept the 302 the WebGate creates to the obrareq page.
Do you know if that is possible?
Thanks
- Kevin_Stewart
Add this to your iRule and see if that lets you see the HTTP_RESPONSE event and redirect:
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable }
