Forum Discussion
Shawn_Conway
Cirrus
Cirrusirule to just enable APM for one subsite - not working
Just trying to create an irule to enable APM for one of the subsites and disabled for the others. It works fine if no irule and the all the sites work fine going through the forms APM login. When I...
millerch
Employee
EmployeeAre you intentionally doing multi-domain SSO here?
Shawn_ConwayCirrus
Cirrusinteresting Chris if I change it to single domain it works. I forget why i use multi domain, think we had issues with single domain. i changed it to single domain and made the cookie with a wildcard *.domainname and will test it out in QA. But cant change prod for this, so do you think there is a work around for multidomain? I did add the domain for that DNS of that app. We have a list about 10 and all other work fine but this is the only one with this irule. Thank You!
- Chris_Miller
Altostratus
I accidentally used my auto-generated F5 DevCentral account for the previous answer, lol. Figured I'd switch to this one. Anywho, I'm guessing we're trying redirect to the primary auth URI but your iRule might be disabling APM for that URI which could be breaking things. Just a guess.Just to test, can you also ACCESS::enable for starts_with "F5Networks" and see how it looks?
- Shawn_Conway
True it is redirecting to to the primary auth URI. Interesting that works. Now how would i incorporate it just for "/beergame/login.aspx" and disable for the rest of the sites on that server. I was going to do a work around and create a new APM just for this server since it works for single domain, but be nice to get in the multi domain SSO we have setup (I remembered) .
- Shawn_Conway
Tried this but it did not like this same error:
when HTTP_REQUEST {
# Enable APM for BeerGame
if {[HTTP::path] starts_with "/beergame/login.aspx" or [HTTP::path] starts_with "F5Networks"} { ACCESS::enable } else { ACCESS::disable }
}
Do you think i should just have separate access policy for this server, I know that will work with original irule?
