Forum Discussion

8 Replies

  • Yep, the best method is by user agent string and the allowance of the OS for MAC's.

     

     

    session.os.platform == "MacOS" OR

     

    session.os.platform == "Mac OS" OR

     

    session.os.platform == "MacOSX"

     

     

    Add this UAS string *iPad* into the new browser config and set it to like WAP or something. At this point, set a deny for all WAP devices.

     

  • Hi Mike thanks for your quick response , I'll appreciate if you can just point out this information on any F5 documents ? or guide reference if you know anyone ? Link ?

     

     

    Thanks
  • I don't know off hand. I guess you could just ask a support guy.

     

     

    https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9074.html?sr=15796978
  • If you want to allow MAC's but block iPads, iPhones, iPod then one method I know which works is to analyse the session.browser.user_agent variable.

     

     

    https://support.f5.com/kb/en-us/solutions/public/12000/200/sol12238.html?sr=15810842

     

     

    If you are using the Check OS action you could add a new rule that will check for the session.browser.user_agent variable. Please remember that order does matter when defining rules. (i.e. if the rule session.os.platform is set to allow and the session.browser.user_agent is created below this rule and set to deny, an iPad will be presented with the FirePass logon screen. However if you put the session.browser.user_agent rule above the iPad will be denied)
  • Yeah, the problem with that is that you have to update the UAS everytime an update occurs. I would recommend placing a wildcard in the new browsers section to get set it to a specific OS and do allow/deny on that.
  • Hi Mike,

     

     

    Not sure I follow you when you mention 'new browsers section'? Are you saying create a new End User action? I'm always keen to use improved configuration methods hence my questions.

     

     

  • Go to the Admin Page -> Configuration -> New Browsers -> Classify the user agent by using wildcard *'s -> Associate the User Agent String to wap or something similar.

     

     

    In the Pre-logon sequence do an OS check for all WAP devices and choose deny.