For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Michael_Jenkins's avatar
Michael_Jenkins
Icon for Cirrostratus rankCirrostratus
Nov 17, 2015

When using an ACCESS_POLICY_AGENT_EVENT, you'll want to check the [ACCESS::policy agent_id], which is the value that you set in the iRule Event object in the VPE. You'll also need to associate the iRule with your VS. The code you have now would run any time an iRule event from the VPE is used because it's not checking to make sure on that specific one should run.

So your iRule might look something like this (notice the agent_id check, and the value should be the same as the iRule Event one). The code is a little different than yours, but I copied the idea from an iRule I'm using.

 

when ACCESS_POLICY_AGENT_EVENT { 
     check for policy agent_id 
    if { [ACCESS::policy agent_id] eq "set_timeout_values" } {
        switch -glob [ACCESS::session data get "session.ad.last.attr.memberof"] {
            "*CN=Standard_SSL_Users*" {
                ACCESS::session data set session.inactivity_timeout 150 
                ACCESS::session data set session.max_session_timeout 200
                log local0.notice "Inactivity and Max timeout set" 
            }
        }
    }
}

 

Hope this helps.