For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AngryCat_52750's avatar
AngryCat_52750
Icon for Nimbostratus rankNimbostratus
Nov 07, 2013

my.policy URI rename

we are starting to implement quite a few APM login pages through the F5. the one thing we have noticed is that no matter what the site name is - www.domain.com or www.example.com, when the login page triggers in APM, we always get a 302 to the my.policy page..

 

is there a way to rename that to login or something?? or does the my.policy always have to be there??

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
design
devops
iRules
security

5 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Nov 07, 2013

    It is by design and no way to change that in the configuration. That said, you could technically rewrite it. This is untested, but should work:

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/login" } {
        HTTP::uri [string map {"/login" "/my.policy"} [HTTP::uri]]
    }
}
when HTTP_RESPONSE {
    if { ( [HTTP::is_redirect] ) and ( [HTTP::header Location] starts_with "/my.policy" ) } {
        HTTP::header replace Location [string map {"/my.policy" "/login"} [HTTP::header Location]]
    }
}
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jul 31, 2014

    Hi,

    You can layer two VS : user -> VS1 (LTM only) -> VS2 (with access profile)

    then you just have to set the following irule on VS1 :

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/login" } {
        HTTP::uri [string map {"/login" "/my.policy"} [HTTP::uri]]
    }
}
when HTTP_RESPONSE {
    if { ( [HTTP::is_redirect] ) and ( [HTTP::header Location] starts_with "/my.policy" ) {
        HTTP::header replace Location [string map {"/my.policy" "/login"} [HTTP::header Location]]
    }
}

    tested on 11.5.1 HF4

    note : "HTTP::is_redirect" command generate an error starting 11.5.1

    • avnishvyas_1974's avatar
      avnishvyas_1974
      Icon for Nimbostratus rankNimbostratus
      Jul 18, 2017

      Hi Yann unfortunately I tried your iRule attempt and we still get the redirect to my.policy?

       

  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jul 31, 2014

    Hi,

    You can layer two VS : user -> VS1 (LTM only) -> VS2 (with access profile)

    then you just have to set the following irule on VS1 :

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/login" } {
        HTTP::uri [string map {"/login" "/my.policy"} [HTTP::uri]]
    }
}
when HTTP_RESPONSE {
    if { ( [HTTP::is_redirect] ) and ( [HTTP::header Location] starts_with "/my.policy" ) {
        HTTP::header replace Location [string map {"/my.policy" "/login"} [HTTP::header Location]]
    }
}

    tested on 11.5.1 HF4

    note : "HTTP::is_redirect" command generate an error starting 11.5.1

    • avnishvyas_1974's avatar
      avnishvyas_1974
      Icon for Nimbostratus rankNimbostratus
      Jul 18, 2017

      Hi Yann unfortunately I tried your iRule attempt and we still get the redirect to my.policy?