Forum Discussion

Nimbostratus

12 years ago

iRule request for APM

Hello all. I'm looking for an irule that will force the session through an APM profile based on the URL that is being accessed even if an APM profile has already been processed. Currently i...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

12 years ago

This is a somewhat the reverse of what you're doing now, but give this a shot:

when HTTP_REQUEST {
    if { ( [HTTP::cookie exists MRHSession] ) or ( [class match [string tolower [HTTP::uri]] starts_with my_private_uris] ) } {
        return
    } else {
        ACCESS::disable
        return
    }
}

where "my_private_uris" would be a string-based data group containing the root path of all of the private URIs (the URIs that require an access policy). Example:

ltm data-group internal /Common/my_private_uris {
    records {
        /private { }
        /secure { }
        /finance { }
        /admin { }
    }
    type string
}

The idea here is that as long as the user 1) hasn't accessed one of these URI patterns, and 2) doesn't already have an active APM session, disable the policy for this request.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)