Forum Discussion
Lucas_Thompson_
Historic F5 Account
The normal way that LTM+APM / Web Access Management works is:
- User access https://apm.example.com/ - this is a GET for URI="/", from a web browser with no payload. This "/" URI is stored in a session variable in APM called "session.server.landinguri".
- APM gets request and respond with 302 to /my.policy with temporary session cookie
- User's browser GETs /my.policy
- APM responds with a logon page, message box, or whatever is in Access Policy
- 3+4 continue until Access Policy is complete
- APM 302s user to contents of variable "session.server.landinguri", stored from step 1. They also get the final session cookie.
- User GETs same thing as step 1, but now they have a session cookie and session is in "Allowed" state, so request is forwarded to pool attached to the virtual.
So that is normal operation. What about it is not good for your use case?
Stanislas_Piro2
Aug 10, 2016Cumulonimbus
I agree this is the normal operation, but only if the request method is GET.
If the request method is POST, the step 7 will be replaced by GET and may cause an issue.