Forum Discussion
How to avoid "Access policy evaluation is already in progress"
I resolved this issue by applying this iRule included in the deployment guide:
    when HTTP_REQUEST {
        if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } {
            HTTP::cookie "IsClientAppCacheEnabled" False
        }
    }
It is on page 59 of the 1.4.0rc1 guide. It is not included in the "Creating the iRule to terminate inactive APM sessions" iRule.
- clarkede | Nov 16, 2016 | Nimbostratus
Where can I get this "Deployment Guide" you refer to??? As in a specific link or site to get it from. F5 has several login sites, so help as to which one would be great. I tried looking for this several months ago and I gave up.
Thanks in advance!
- matt_64003 | Nov 16, 2016 | Cirrus
You can find the latest Exchange iApp Deployment Guide here: https://www.f5.com/pdf/deployment-guides/microsoft-exchange-iapp-dg.pdf
There are two iRules on page 72. Use the one that is appropriate for your BIG-IP version.
- clarkede | Nov 16, 2016 | Nimbostratus
Thanks for the link. I have downloaded the guide, but have a question about implementing the iRule in the guide. I currently have a "when HTTP_REQUEST {..." iRule that checks inbound traffic and redirects to one of two servers based on URI value. I know this is basic since I am new, but do I add a NEW iRule, or just modify the logic of my existing iRule and add this one into it??? Also, if adding it to my existing iRule, would it matter if it is at the top, or should it go in its own loop of some sort?
For discussion purposes, let me simplify my iRule and add the iRule from the manual to see if this makes sense (not sure why formatting isn't working, but code starts now):
    when HTTP_REQUEST {
        # Cookie rewrite from the deployment guide
        if { [HTTP::cookie exists "IsClientAppCacheEnabled"] } {
            HTTP::cookie "IsClientAppCacheEnabled" False
        }
        # Existing logic: choose the pool based on the request URI
        switch -glob [string tolower [HTTP::uri]] {
            "/login/*" {
                pool private_https_pool
                HTTP::header insert CERT_SUBJECT "[ACCESS::session data get session.ssl.cert.subject]"
            }
            default {
                ACCESS::disable
                pool public_https_pool
            }
        }
    }
- Stanislas_Piro2 | Nov 16, 2016 | Cumulonimbus
Hi,
I wrote the following iRule to prevent the "Access policy evaluation is already in progress" page and keep the App cache enabled:
    when ACCESS_SESSION_STARTED {
        log local0. "manu4: [IP::client_addr] from user agent: [HTTP::header value "User-Agent"], [HTTP::uri]"
        set landinguri [ACCESS::session data get session.server.landinguri]
        switch -glob $landinguri {
            "/owa/plt1.ashx?*" -
            "/owa/sessiondata.ashx?appcacheclient=1" -
            "/owa/userspecificresourceinjector.ashx?*&appcacheclient=1*" -
            "/owa/manifests/appCacheManifestHandler.ashx?owamanifest=1" {
                ACCESS::respond 403 -version "1.1" noserver "Connection" "Close"
                ACCESS::session remove
                return
            }
        }
    }
If you want to insert a header based on an ACCESS session variable, it is better to do it in the ACCESS_ACL_ALLOWED event:
    when ACCESS_ACL_ALLOWED {
        HTTP::header insert CERT_SUBJECT "[ACCESS::session data get session.ssl.cert.subject]"
    }
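An added example, not part of the original thread or of F5's deployment guide: a Python check of which landing URIs the `switch -glob` patterns in the ACCESS_SESSION_STARTED iRule above would match, useful for testing the pattern list before attaching the rule to a virtual server. It assumes Python's `fnmatchcase` as a stand-in for Tcl's case-sensitive glob matching (the patterns use only `*` and `?`, which both treat the same way); the function names and sample URIs are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Glob patterns copied from the ACCESS_SESSION_STARTED iRule in the thread.
APPCACHE_PATTERNS = [
    "/owa/plt1.ashx?*",
    "/owa/sessiondata.ashx?appcacheclient=1",
    "/owa/userspecificresourceinjector.ashx?*&appcacheclient=1*",
    "/owa/manifests/appCacheManifestHandler.ashx?owamanifest=1",
]


def first_match(landing_uri, patterns=APPCACHE_PATTERNS):
    """Return the first pattern matching landing_uri case-sensitively, else None.

    As in Tcl glob matching, '*' is any run of characters and '?' is any
    single character (not only a literal '?').
    """
    for pattern in patterns:
        if fnmatchcase(landing_uri, pattern):
            return pattern
    return None


def case_only_misses(uris, patterns=APPCACHE_PATTERNS):
    """URIs that match no pattern as written but would match ignoring case."""
    lowered = [p.lower() for p in patterns]
    return [u for u in uris
            if first_match(u, patterns) is None
            and first_match(u.lower(), lowered) is not None]


# Constructed sample landing URIs (hypothetical, not taken from real traffic).
SAMPLE_URIS = [
    "/owa/plt1.ashx?n=1",
    "/owa/plt1.ashx",
    "/owa/sessiondata.ashx?appcacheclient=1",
    "/owa/sessiondata.ashx?appcacheclient=0",
    "/owa/userspecificresourceinjector.ashx?ver=1&appcacheclient=1",
    "/owa/manifests/appcachemanifesthandler.ashx?owamanifest=1",
    "/owa/",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{first_match(uri) or 'no match':60} <- {uri}")
    print("case-only misses:", case_only_misses(SAMPLE_URIS))
```

URIs reported by `case_only_misses` differ from a pattern only in letter case, so a rule that compares the landing URI without `string tolower` would let them start a session.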