Hi,
Milk_man, i can't use the HTTP 401 agent within APM because some client don't support the redirection to /my.policy that APM need to authenticate.
however, i rewrite the HTTP_REQUEST layer and it's work now in v11.1 :D
Look my new irule :
when HTTP_REQUEST {
if { [ACCESS::policy result] eq "deny" } {
HTTP::header insert "clientless-mode" 1
set username [HTTP::username]
set password [HTTP::password]
HTTP::cookie remove LastMRH_Session
HTTP::cookie remove MRHSession
HTTP::header remove Authorization
} elseif { [ACCESS::policy result] ne "allow" } {
HTTP::header insert "clientless-mode" 1
if { [HTTP::header Authorization] eq "" } {
HTTP::respond 401 WWW-Authenticate Basic realm=\"Unspecified\" Connection close
return
} else {
set username [HTTP::username]
set password [HTTP::password]
HTTP::header remove Authorization
}
}
}
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "no_redirect" } {
if { [info exists username] } {
ACCESS::session data set session.logon.last.username $username
ACCESS::session data set session.logon.last.password $password
}
}
}
when ACCESS_POLICY_COMPLETED {
if { [ACCESS::session data get session.ldap.last.authresult] eq "0" } {
ACCESS::respond 401 content "Error: Failure in Authentication" Connection close
return
}
thank all