Forum Discussion
ddubya_152376
Nimbostratus
Nimbostratusf5 Access Policy Manager AJAX vs Non-Ajax Request Handling with Authentication
I'm implementing a Single Page Application (Javascript/AJAX Based) leveraging the f5 as the Identity Provider and Service Provider for Single-Sign-On. The Web app sits behind the f5 in Apache, and th...
kunjanNimbostratus
NimbostratusWill this iRule only hit when the session has expired or is invalid?
No, this will hit as long as the header matches. Assumption is the first time you hit APM you don't have this header. Again, I'm not sure how you want to handle the 401 response.
Create the irule - Local Traffic ›› iRules : iRule List ›› Create
Add to VS- Local Traffic ›› Virtual Servers : Virtual Server List ›› ›› iRule Manage
ddubya_152376I don't want to have every HTTP Request with the X-Requested-With header to cause a 401 Unauthorized response. I only want requests, where the f5 normally responds with a 302 redirect to /my.policy because the user's session has expired, to respond with a 401 http response when the request has the header X-Requested-With: XMLHttpRequest. I'm looking to customize the request handling behavior the f5 uses when it detects that the user's request is unauthorized. I'm wondering if something like this is possible? ``` when ACCESS_SESSION_EXPIRED { if { [HTTP::header "X-Requested-With" ] equals "XMLHttpRequest" } { ACCESS::respond 401 } } ```
