For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JD1's avatar
JD1
Icon for Altostratus rankAltostratus
Mar 05, 2014

iRule to detect the URI for the hangup process.

Hello,

I'm trying to use an LTM iRule to detect for when the /vdesk/hangup.php3 is called as part of an APM policy, so that I can do something with the logout prior to the completion of the APM policy. Before starting to do anything in-depth I just wanted to see that my IF statement is being matched using a log command:

when HTTP_REQUEST {
    if { [HTTP::path] starts_with "/vdesk/hangup.php3" } {
        log "Detected logout process trigger."
    }
}

What I find is, despite the URL being correct (case and all) when the user triggers it, LTM iRule doesn't see the request. Does APM intercept this before LTM iRules can do anything? Is there a way I can get the LTM to detect this URI/Path being hit?

Many thanks,

JD

application delivery
BIG-IP Access Policy Manager (APM)
design
devops
iRules
security

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    This is one of those URIs that APM hides. It can be accessed by disabling restrict_irule_events:

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable 
}
when HTTP_REQUEST {
    if { [HTTP::path] starts_with "/vdesk/hangup.php3" } {
        log local0. "Detected logout process trigger"
    }
}
  • JD1's avatar
    JD1
    Icon for Altostratus rankAltostratus
    Mar 05, 2014

    Brilliant Kevin, thanks for the prompt response. I didn't spot the restrict_irule_events, good shout.

     

    Testing now, will post how I get on shortly.