Forum Discussion
ywa
Nimbostratus
NimbostratusLTM uri filtering with APM enabled
Hello,
I want to restrict the URI of a virtual server in a LTM policy. So, I created an LTM policy with a rule like this :
Conditions :
1. HTTP Host host is 'test.mydomain.com' at request time.
2. HTTP URI path starts with '/allowed' at request time.
Actions :
1. Forward traffic to pool '/Common/POOL_test' at request time.
The problem is if I add an APM policy on this virtual server. The LTM policy block the URIs used by the apm policy to make a session (like /my.policy, ...).
I try to allow /my.policy too but it's not working and anyway it's not the only uri.
Is there a simple way to avoid the ltm policy to block these or what is the recommended way to do this URI restriction when we have an APM policy set ?
Thanks
Hi ywa,
Can you try this iRule?
when HTTP_REQUEST { if { [HTTP::host] equals "test.mydomain.com" && [HTTP::uri] starts_with "/allowed" } { ACCESS::disable pool /Common/POOL_test } }
ywaHello,
Thanks for your answer.
I want to keep the access policy control on the uri. Just allow the uri that the BigIP use to make the session.
In fact, if I use an iRule like the one you give but without the "ACCESS::disable" part. It's working because by default the irule is not trigger for the internal access control URI used for the APM session.
But it is not the case from the LTM policy and I was wondering if it was possible to do the same in the LTM policy (to avoid using an iRule just for that).
