For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Yaoxie_117356's avatar
Yaoxie_117356
Icon for Nimbostratus rankNimbostratus
Aug 09, 2016

how do I initiate a http request to backend pool member when client pass APM authentication

Hi folk,   Here is the background, initially client send out a request and F5 send back HTTP 200 on behalf of server, F5 then perform the RSA authentication, so far there is no packet sent to back...
application delivery
BIG-IP Access Policy Manager (APM)
Lucas_Thompson_'s avatar
Lucas_Thompson_
Historic F5 Account
Aug 10, 2016

The normal way that LTM+APM / Web Access Management works is:

 

  1. User access https://apm.example.com/ - this is a GET for URI="/", from a web browser with no payload. This "/" URI is stored in a session variable in APM called "session.server.landinguri".
  2. APM gets request and respond with 302 to /my.policy with temporary session cookie
  3. User's browser GETs /my.policy
  4. APM responds with a logon page, message box, or whatever is in Access Policy
  5. 3+4 continue until Access Policy is complete
  6. APM 302s user to contents of variable "session.server.landinguri", stored from step 1. They also get the final session cookie.
  7. User GETs same thing as step 1, but now they have a session cookie and session is in "Allowed" state, so request is forwarded to pool attached to the virtual.

So that is normal operation. What about it is not good for your use case?

 

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 10, 2016

I agree this is the normal operation, but only if the request method is GET.

 

If the request method is POST, the step 7 will be replaced by GET and may cause an issue.