Hello, I am using the iRule below to close Outlook Web App 2013 sessions. At the first sight it works correctly and shows the F5 logoff page (/vdesk/hangup.php3). However, OWA 2013 has a javascript that performs a hidden POST to the server on the onunload event to close the session on the server side. This happens right after the session is closed by the F5 logoff page. So it automatically creates a new APM session and when the user clicks on "Click here to login again" he/she sees the message below coming from APM: "Access policy evaluation is already in progress" How can I avoid this message? I tried to do ACCESS::session remove on in response to this last hidden POST but it didn't help. I also tried to introduce some delay before redirecting the user to the F5 logout page in order to let it perform the last POST but it did not work either. when HTTP_REQUEST { Set the uri variable set uri [string tolower [HTTP::uri]] Check if the user clicked the OWA signout link and redirect to the F5 logout page if { $uri contains "/logoff.owa" || $uri contains "/logoff.aspx" } { HTTP::redirect "/vdesk/hangup.php3" } }

Can you differentiate the hidden JavaScript request from other requests? And validate that this request is ONLY sent at logoff? Without looking at it in detail, wondering if you could just issue an ACCESS::disable command on receipt of this specific request.

Hi East Coast, Have you tried using the iRule from page 82 of the deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf I don't run into this issue when using the iRule from the guide. thanks Mike

Which one? The one you have to create, or the ones listed in the "non-default settings/notes" portion?

The one in the "Creating the iRule to terminate inactive APM sessions" section (page 86 of the current guide).

I resolved this issue by applying this iRule included in the deployment guide: when HTTP_REQUEST { if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } { HTTP::cookie "IsClientAppCacheEnabled" False } } It is on page 59 of the 1.4.0rc1 guide. It is not included in the "Creating the iRule to terminate inactive APM sessions" iRule.

How to avoid "Access policy evaluation is already in progress"

Kevin_Stewart
Employee
Oct 09, 2013
Can you differentiate the hidden JavaScript request from other requests? And validate that this request is ONLY sent at logoff? Without looking at it in detail, wondering if you could just issue an ACCESS::disable command on receipt of this specific request.
mikeshimkus_111
Historic F5 Account
Oct 16, 2013
Hi East Coast,

Have you tried using the iRule from page 82 of the deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

I don't run into this issue when using the iRule from the guide.

thanks

Mike
- Greg_112502
  Nimbostratus
  Jan 30, 2014
  Which one? The one you have to create, or the ones listed in the "non-default settings/notes" portion?
- mikeshimkus_111
  Historic F5 Account
  Jan 30, 2014
  The one in the "Creating the iRule to terminate inactive APM sessions" section (page 86 of the current guide).
- Misty_Spillers
  Nimbostratus
  Nov 22, 2017
  Please help. I'm using APM BIG-IP 12.1.2 Build 1.0.271 Hotfix HF1 and iAPP (tried as well)
  
  I login once everything is fine then if I try again I get "Access policy evaluation is already in progress for your current session." Everytime. doesn't matter if I close the browser. The only way around it is in private mode. I have tried everything in this thread and nothing seems to work. I seem to have the rule for "Creating the iRule to terminate inactive APM sessions" on from the iAPP but I still get the error. Anyone know what I am missing?
  
  Thanks,
  
  Misty
matt_64003
Cirrus
Aug 12, 2014
I resolved this issue by applying this iRule included in the deployment guide:

when HTTP_REQUEST { if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } { HTTP::cookie "IsClientAppCacheEnabled" False } }

It is on page 59 of the 1.4.0rc1 guide. It is not included in the "Creating the iRule to terminate inactive APM sessions" iRule.
- clarkede
  Nimbostratus
  Nov 16, 2016
  Where can I get this "Deployment Guide" you refer to??? As in a specific link or site to get it from. F5 has several login sites, so help as to which one would be great. I tried looking for this several months ago and I gave up.
  
  Thanks in advance!
- matt_64003
  Cirrus
  Nov 16, 2016
  You can find the latest Exchange iApp Deployment Guide here: https://www.f5.com/pdf/deployment-guides/microsoft-exchange-iapp-dg.pdf
  
  There are two iRules on page 72. Use the one that is appropriate for your BIG-IP version.
- clarkede
  Nimbostratus
  Nov 16, 2016
  Thanks for the link. I have downloaded the guide, but have a question about implementing the iRule in the guide. I currently have a "when HTTP_REQUEST {..." iRule that checks inbound traffic and redirects to one of two servers based on URI value. I know this is basic since I am new, but do I add a NEW iRule, or just modify the logic of my existing iRule and add this one in to it??? Also, if adding it to my existing iRule, would it matter if it is at the top or should it go in its own loop of some sort.
  
  For discussion purposes, let me simplify my iRule and add the iRule from the manual to see if this makes sense (not sure why formatting isn't working but code starts now:
  
  when HTTP_REQUEST { if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } { HTTP::cookie "IsClientAppCacheEnabled" False }
  
  switch -glob [string tolower [HTTP::uri]] { "/login/*" { pool private_https_pool HTTP::header insert CERT_SUBJECT "[ACCESS::session data get session.ssl.cert.subject]" } default { ACCESS::disable pool public_https_pool }
  }