Forum Discussion
Need help in understand the irule - APM
Hello,
I would like to suggest you here
This iRule is used in the context of a remote access VPN in the APM module of the F5 BIG-IP system. The purpose of the iRule is to check if a user attempting to access a certain URL is allowed based on their role and the category of the URL.
The iRule is triggered on the "ACCESS_PER_REQUEST_AGENT_EVENT" event. It checks if the value of a per-flow data variable called "perflow.irule_agent_id" is set to "VPN_CATEGORY2ROLE_LOOKUP". If it is, the iRule continues to execute, otherwise it does nothing.
The iRule then sets a per-flow data variable called "perflow.scratchpad" to "0". This variable will be used later to determine if the user is allowed to access the URL. The iRule then gets the user's roles from a session data variable called "session.cg.user.roles".
Next, the iRule loops through the categories that are returned by a call to the "CATEGORY::lookup" command, which takes the URL being accessed as an argument. The "CATEGORY::lookup" command is used to match the URL to a category.
For each category that is returned, the iRule checks if the user's roles include the allowed role for that category. If they do, the iRule sets "perflow.scratchpad" to "1" and breaks out of the loop. If they don't, the iRule continues to the next category.
At the end of the iRule, the value of "perflow.scratchpad" is checked. If it is set to "1", the user is allowed to access the URL. If it is set to "0", the user is not allowed to access the URL. hope so it is useful for you .
- Blue_whaleMay 02, 2023Cirrocumulus
thank you very much robert205
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com