Forum Discussion

fredlubrano's avatar
Nov 14, 2023

Custom APM Logon page Access policy evaluation is already in progress for your current session

Hello,

I am trying to solve a problem as I am blocked by the following message,

When I click on the link '<p>Please register <a href='/register.php'>here</a> if you don't have an account yet.</p>'.":

'Access policy evaluation is already in progress for your current session.'

I have tried several solutions, but to no avail. I am considering implementing this solution: https://community.f5.com/t5/technical-forum/big-ip-16-0-apm-logon-page-and-href-links/m-p/236761. Does anyone have a suggestion?

Thank you, Fred.

 

define(["require", "exports", "tslib", "module", "apmui/page/logon/View"], function (require, exports, tslib_1, module, View_1) {
    "use strict";
    Object.defineProperty(exports, "__esModule", { value: true });
    requirejs.config({
        map: {
            'apmui/master/View': {
                'apmui/page/logon/View': module.id,
            },
        },
    });
    /* Replacement View component */
    var CustomLogonView = /** @class */ (function (_super) {
        tslib_1.__extends(CustomLogonView, _super);
        function CustomLogonView() {
            return _super !== null && _super.apply(this, arguments) || this;
        }
        CustomLogonView.prototype.componentDidMount = function () {
            _super.prototype.componentDidMount.call(this);
 
            var content = document.getElementsByClassName('apmui-content')[0];
            
            var message = document.createElement('div');
            message.style.cssText = 'max-width: 400px; width: 100%; padding-top: 20px;';
            message.id = "message";
            message.innerHTML = '<p>Please register <a href=\'/register.php\'>here</a> if you don\'t have an account yet.</p>';
            content.appendChild(message);
            
 
        };
        return CustomLogonView;
    }(View_1.default));
    exports.default = CustomLogonView;
});

 

 

  • Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

     

     

    when HTTP_REQUEST {
        # Log de début
        log local0. "DĂ©but de traitement de la requĂȘte : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"
    
        # VĂ©rifiez si l'URI et le referer correspondent Ă  vos critĂšres
        if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
            
            # VĂ©rifiez la valeur de la variable de session F5 APM
            set policyResult [ACCESS::session data get "session.policy.result"]
            log local0. "session.policy.result = $policyResult"
    
            # Si la variable de session n'est pas 'allow', supprimez les cookies
            if {$policyResult ne "allow"} {
                log local0. "La condition de session APM est remplie. Suppression des cookies."
    
                # Supprimez les cookies MRHSession et LastMRH_Session
                HTTP::cookie remove "MRHSession"
                HTTP::cookie remove "LastMRH_Session"
            } else {
                log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
            }
        }
    
        # Log de fin
        log local0. "Fin de traitement de la requĂȘte : [HTTP::uri]"
    }

     

     

  • That error happens in this situation:

    1. A user visits an APM-protected URL
    2. APM creates a session and sent the session cookie in a 302 redirect to "/my.policy"
      The session is now in "pending" state and is waiting for POSTs to /my.policy to continue moving through the policy
    3. The user's browser SHOULD send a GET to /my.policy with the session cookie, but instead it sends the APM session cookie in a GET, but not to "/my.policy" 
    4. APM responds with this error

    To work around this problem, let the browser follow the my.policy redirect and complete the access policy *before* visiting any other URLs.

  • Hello Thomas,
    first of all, thank you for your prompt response. I am in scenario number 2: my session is in 'pending' status, and I've tried using this iRule, but it results in a 'too many redirects' error. Do you have any suggestions for resolving this issue?
    Thanks,
    fred

    hen HTTP_REQUEST {
        
        if { [HTTP::uri] equals "/register.php" } {
            set landingURI [ACCESS::session data get "session.server.landinguri"]
            set policyResult [ACCESS::session data get "session.policy.result"]
    
    
            log local0. "VĂ©rification de l'URI de la requĂȘte : URI=[HTTP::uri], Landing URI=$landingURI, Policy Result=$policyResult"
    
    
            if { $landingURI equals "/" and $policyResult equals "not_started" and not [HTTP::cookie exists "MRHSession"] } {
                # Supprimez le cookie MRHSession et redirigez
                HTTP::cookie remove "MRHSession"
                HTTP::redirect "/register.php"
    
              
                log local0. "Redirection effectuée à cause des conditions remplies : Suppression de cookie MRHSession et redirection vers /register.php"
            }
        }
    }

     



    • fredlubrano's avatar
      fredlubrano
      Icon for Cirrus rankCirrus

      Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

       

       

      when HTTP_REQUEST {
          # Log de début
          log local0. "DĂ©but de traitement de la requĂȘte : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"
      
          # VĂ©rifiez si l'URI et le referer correspondent Ă  vos critĂšres
          if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
              
              # VĂ©rifiez la valeur de la variable de session F5 APM
              set policyResult [ACCESS::session data get "session.policy.result"]
              log local0. "session.policy.result = $policyResult"
      
              # Si la variable de session n'est pas 'allow', supprimez les cookies
              if {$policyResult ne "allow"} {
                  log local0. "La condition de session APM est remplie. Suppression des cookies."
      
                  # Supprimez les cookies MRHSession et LastMRH_Session
                  HTTP::cookie remove "MRHSession"
                  HTTP::cookie remove "LastMRH_Session"
              } else {
                  log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
              }
          }
      
          # Log de fin
          log local0. "Fin de traitement de la requĂȘte : [HTTP::uri]"
      }

       

       

      • Lucas_Thompson's avatar
        Lucas_Thompson
        Icon for Employee rankEmployee

        OK great! Sounds like you got it worked out.

        This is another situation where APM's weird "Landing URI" type session setup and handling is different than a normal web app.