Forum Discussion

Nimbostratus

Sep 10, 2013

Initiating Access Policy from iRules

I was reading the release notes for BIG-IP 11.4 and it says the following: - New iRules on the BIG-IP system allow access policies to be initiated from those iRules. http://support.f5.com/k...

Nimbostratus

Apr 22, 2015

Hi everyone,

we have the same problem here. Concept is basically to have another type of SAML auth when going to /admin URI. Using the iRule above does not do the trick for us. It looks like this:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/admin" } {
      virtual apm_vs_ldap
    } else {
      virtual apm_vs_eid
    }
}

When using log we can see that the iRule if-statement get hit when using URI /admin. BUT we still use the Access Policy for VIP apm_vs_eid? This is strange, we have no idea why this is happening. Anyone have an update on this problem? Or is there any other way to use different Access Policys for the same VIP depending on the URI?

Cheers // Mattias

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)