Rabbit23_116296
Apr 01, 2015

iRule to disable APM not working as expected

when HTTP_REQUEST {
    set header [HTTP::header "User-Agent"]
    log local0. "Before Match --- Header is: $header"
    if {[string tolower [HTTP::header "User-Agent"]] contains "mac os x" && [string tolower [HTTP::uri]] equals "/ews/exchange.asmx"} {
        ACCESS::disable
        log local0. "one time"
        log local0. "URI: [HTTP::uri]"

        pool /Common/exchange.app/exchange_oa_pool6
    }
}

25 Replies

  • Which version of TMOS? I experienced having to build in a timer in a similar situation before 11.4.

    Are you sure there are any requests to other URI also?

     

  • when HTTP_REQUEST {
    set u [HTTP::header "User-Agent"]
    set uru [HTTP::uri]
    
    log local0.notice "user agent: $u and uri: $uru"
    
        if {[string tolower [HTTP::header "User-Agent"]] contains "mac os x" } {
                ACCESS::disable 
    
        }   
    }
    
    when CLIENT_ACCEPTED {
        ACCESS::restrict_irule_events disable
    }
    
    Doesn't work and LTM logging shows only:
    
        Apr  7 10:29:29 loadbalancerhostname.something notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213); Mail/8.2 (2070.6) and uri: /EWS/exchange.asmx
    Apr  7 10:29:29 loadbalancerhostname.something notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213); Mail/8.2 (2070.6) and uri: /EWS/exchange.asmx
    Apr  7 10:29:30 loadbalancerhostname.something notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213); Mail/8.2 (2070.6) and uri: /EWS/exchange.asmx
    Apr  7 10:29:30 loadbalancerhostname.something notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213); Mail/8.2 (2070.6) and uri: /EWS/exchange.asmx
    Apr  7 10:29:30 loadbalancerhostname.something notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213); Mail/8.2 (2070.6) and uri: /EWS/exchange.asmx
    
  • kunjan

    It should hit the pool configured for the virtual server without creating an access session. What do you expect in the logs?

     

    • Rabbit23_116296
      What I expect in the logs is what I see and posted for everyone's clarity. It hits the pool just fine but my problem is the access session gets created!
  • kunjan

    Tested the following iRule with curl

    curl -k -L https://10.2.60.70

    when HTTP_REQUEST {
      set u [HTTP::header "User-Agent"]
      set uru [HTTP::uri]
      log local0.notice "user agent: $u and uri: $uru"
      if {[string tolower [HTTP::header "User-Agent"]] contains "curl" } {
        ACCESS::disable 
      }   
    }
    when CLIENT_ACCEPTED {
        ACCESS::restrict_irule_events disable
    }
    when ACCESS_SESSION_STARTED {
       log local0.notice "Access session started"   
    }
    

    Apr 8 22:03:50 bigip6 notice tmm1[15943]: Rule /Common/accessDisable : user agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5 and uri: /

    The logs don't have the Access session started message. Is there anything else done in your iRule?

  • Hey, thanks for taking the time to reproduce, though my behaviour is different. I've added when ACCESS_SESSION_STARTED and I do see the session. Even when simply trying the [HTTP::host][HTTP::uri] directly from a web browser.

    Apr 8 16:08:17 lhr4-exlb-01 notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : hey I found a Mac so Disabling Acces policy...CLIENT IP 10.164.4.23 user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0 and uri: /ews/exchange.asmx

    Apr 8 16:08:17 lhr4-exlb-01 notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : Access session started for 10.164.4.23 and user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0

    iRule:

    when HTTP_REQUEST {
        set u [HTTP::header "User-Agent"]
        set uru [HTTP::uri]

        log local0.notice "user agent: $u and uri: $uru"

        if {[string tolower [HTTP::header "User-Agent"]] contains "mac os x" } {
            ACCESS::disable
            log local0.notice "hey I found a Mac so Disabling Acces policy...CLIENT IP [IP::client_addr] user agent: $u and uri: $uru"
        }
    }
    
    when CLIENT_ACCEPTED {
        ACCESS::restrict_irule_events disable
    }
    
    when ACCESS_SESSION_STARTED {
       log local0.notice "Access session started for [IP::client_addr] and user agent: [HTTP::header "User-Agent"]"   
    }
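
Added example, not part of the original thread or of any F5 tooling: a Python script that correlates the two messages logged by the iRule above and lists clients for which the `ACCESS::disable` branch logged and an access session still started. The sample lines are constructed in the post's log format; the 2-second window, the function names and matching on client IP (the log lines carry no session identifier) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format logged by the iRule above ("Acces" is
# the spelling in its log string); host name and addresses are made up.
SAMPLE = """\
Apr  8 16:08:17 lb01 notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : hey I found a Mac so Disabling Acces policy...CLIENT IP 10.164.4.23 user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) and uri: /ews/exchange.asmx
Apr  8 16:08:17 lb01 notice tmm2[18680]: Rule /Common/OS-X_Kill_Preauth : Access session started for 10.164.4.23 and user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0)
Apr  8 16:09:02 lb01 notice tmm1[18680]: Rule /Common/OS-X_Kill_Preauth : hey I found a Mac so Disabling Acces policy...CLIENT IP 10.164.4.40 user agent: Mac OS X/10.10.2 (14C1514); ExchangeWebServices/5.0 (213) and uri: /EWS/exchange.asmx
Apr  8 16:09:30 lb01 notice tmm1[18680]: Rule /Common/OS-X_Kill_Preauth : Access session started for 10.164.4.55 and user agent: Mozilla/5.0 (Windows NT 6.1)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+\w+\s+tmm\d*\[\d+\]:"
                  r"\s+Rule\s+\S+\s+:\s+(?P<msg>.*)$")
# Both patterns are anchored at the start of the message because the
# User-Agent portion of each line is client-supplied text.
BYPASS = re.compile(r"^hey I found a Mac so Disabling Acces policy\.\.\.CLIENT IP (?P<ip>\S+) "
                    r"user agent: .* and uri: (?P<uri>\S+)$")
SESSION = re.compile(r"^Access session started for (?P<ip>\S+) and user agent: ")

def parse(text, year=2015):
    """Yield (kind, timestamp, client_ip, uri) for each recognised iRule log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; it is supplied by the caller.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        for kind, rx in (("bypass", BYPASS), ("session", SESSION)):
            hit = rx.search(m["msg"])
            if hit:
                yield kind, ts, hit["ip"], hit.groupdict().get("uri", "")

def sessions_despite_bypass(text, window=timedelta(seconds=2)):
    """List (client_ip, uri, delay_s) where a session started right after a bypass was logged."""
    pending, findings = {}, []          # pending: client_ip -> (time, uri) of last bypass
    for kind, ts, ip, uri in parse(text):
        if kind == "bypass":
            pending[ip] = (ts, uri)
        elif ip in pending:
            seen, bypass_uri = pending[ip]
            if timedelta(0) <= ts - seen <= window:
                findings.append((ip, bypass_uri, (ts - seen).total_seconds()))
    return findings

if __name__ == "__main__":
    for ip, uri, delay in sessions_despite_bypass(SAMPLE):
        print(f"{ip}: access session started {delay:.0f}s after ACCESS::disable was logged for {uri}")
```
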
    
  • kunjan

    I think it's triggered for the Exchange Web Service (EWS) by the exchange profile attached to the access policy. You might see this in the APM logs. If you are using an 11.4 version you might be able to modify the iRule _Sys attached.

     

    • Rabbit23_116296
      I think you are right here. I am using 11.6.0 with the latest iApp (think 1.4.0), does this mean I have options?
  • kunjan

    You can try HTTP::disable in the iRule with priority 0 for the iRule. But not sure about the implications.

    The other 'dirty' trick is to change the URI in HTTP_REQUEST to a temp value and change it back in HTTP_REQUEST_SEND.

     

  • I have entirely given up with support with F5 as there is ZERO APM support.

    I believe, looking at tcpdumps, my issue is NTLM related as our Mac clients are domain joined. They send a combination of NTLM+Basic headers and we are still experiencing major issues.