For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 21, 2015

Hi,

 

the following code is an example of logout solutions with irules for sharepoint.

 

when ACCESS_ACL_ALLOWED {
   switch -glob [string tolower [HTTP::path]] {
      "*/signout.aspx" {
          Disconnect session and redirect to APM logout Page
         ACCESS::respond 302 noserver Location "/vdesk/hangup.php3"
         return
      }
      "/_layouts/accessdenied.aspx" {
          Disconnect session and redirect to APM Logon Page
         if {[string tolower [HTTP::query]] contains "loginasanotheruser=true" } {
            ACCESS::session remove
            ACCESS::respond 302 noserver Location "/"
            return
         }
      }
      default {
          do nothing
      }
   }
}

the event will raise only when ACCESS_ACL_ALLOWED user is already authenticated.

 

there is 2 solutions sont close session:

 

  • action ACCESS::session remove which remove session without any redirection. that's why I redirect user to / just after.
    • this initiate a new session in APM displaying login page.
  • redirect user to /vdesk/hangup.php3 which is APM logout URL.
    • this will close the session and display logout page to user.