Forum Discussion
NimbostratusHow to send the "HTTP::header insert" to the backend server using VPE (LTM+APM Mode)
Hey Guys,
Could anyone advise how I can send:
HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]"
HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]"
to the back end servers once user is authenticated using VPE ?
Thanks,
Kevin_Davies_40Nacreous
This page will tell you what you need to know. More specifically the New events section... https://devcentral.f5.com/articles/http-event-order-access-policy-manager
Given the logs shows the ACCESS events do not appear to be triggered in APM+LTM mode the new events allow you to take actions post APM. The middle iRule is what you need. The others were just to confirm the behaviour.
when ACCESS_POLICY_COMPLETED { log local0. "in ACCESS_POLICY_COMPLETED 500" if {[ACCESS::policy result] eq "allow"} { HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]" HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]" } } when HTTP_REQUEST_RELEASE priority 200 { log local0. "in HTTP_REQUEST_RELEASE 200" HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]" HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]" } when HTTP_REQUEST_RELEASE priority 900 { log local0. "in HTTP_REQUEST_RELEASE 900" log local0. "Headers [HTTP::header names]" }
Stanislas_Piro2Cumulonimbus
Hi,
the ACCESS_ACL_ALLOWED is the best event to insert APM headers.
when ACCESS_ACL_ALLOWED { if {![info exists APMusername]} { set APMusername [ACCESS::session data get session.logon.last.username] } if {![info exists APMdomain]} { set APMdomain [ACCESS::session data get session.custom.domain] } HTTP::header insert USER $APMusername HTTP::header insert DOMAIN $APMdomain }Store these values in tcl variables for next requests,
commands temporarily suspend iRule processing and may be used only if required.ACCESS::session