For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MichaelatF5's avatar
MichaelatF5
Icon for Employee rankEmployee
Jul 29, 2014

Not sure if this is too late, or helps at all, but I have had some success in a lab environment. Just attach a default stream profile and this irule.

 

This will inject some javascript into the bottom of the page the looks for a user to close the browser, then transparent redirect to SignOut.aspx, which APM interprets as a logout and terminates the session (and persistent cookies). May not work in all environments, and this code only supports IE. For Firefox and Chrome you have to return a message. http://stackoverflow.com/questions/9626059/window-onbeforeunload-in-chrome-what-is-the-most-recent-fix

 

when HTTP_REQUEST {

    Looks for SharePoint hangup, kills APM session.
    Could also set via Logout URI Include setting in APM.
    if { [string tolower [HTTP::uri]] contains "signout.aspx"} {
        ACCESS::session remove
    }
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
} 
when HTTP_RESPONSE {
     Check if response type is text
    if { [HTTP::header value Content-Type] contains "text" } {

         Define the stream replacement
         Change the 15 in the following line to the version of sharepoint being used 13 = 2007 / 14 = 2010 / 15 = 2013
        STREAM::expression {@@ @}
        STREAM::enable
    }
}