Forum Discussion

Nimbostratus

Jun 15, 2015

iRule using DataGroup to bypass APM Policy

Hi, We have an APM policy to collect the machine name, set it to our domain, and perform an AD lookup. We have to utilize Datagroups to pre-authorize a few users that do not fall into proper AD gro...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Jun 15, 2015

Hey Nick,

I would add a check in the iRule under the "set machinename" to query the data group and if it exists then set another ACCESS::session variable like "session.custom.bypass_adquery" then after the iRule event in the VPE have an empty action with branch rules that if the bypass_adquery variable is set then you go down that branch to allow. If it isn't set then they will go to AD Query like normal.

Seth

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule using DataGroup to bypass APM Policy

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

CSV to Address External Datagroup File

Can I use an Irule to bypass an access policy if a cookie is present

Help me! About datagroup

Modifying multiple entries in a datagroup via api?

import data from excel into datagroup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS