Forum Discussion
Blue_whale
Cirrocumulus
CirrocumulusNeed help in understand the irule - APM
Hi Team , Can you please help me understand the irule configured under the VIP in APM ( remote access VPN). What exactly this irule will check ? when ACCESS_PER_REQUEST_AGENT_EVENT { if { [ACCES...
robert205
Nimbostratus
NimbostratusHello,
I would like to suggest you here
This iRule is used in the context of a remote access VPN in the APM module of the F5 BIG-IP system. The purpose of the iRule is to check if a user attempting to access a certain URL is allowed based on their role and the category of the URL.
The iRule is triggered on the "ACCESS_PER_REQUEST_AGENT_EVENT" event. It checks if the value of a per-flow data variable called "perflow.irule_agent_id" is set to "VPN_CATEGORY2ROLE_LOOKUP". If it is, the iRule continues to execute, otherwise it does nothing.
The iRule then sets a per-flow data variable called "perflow.scratchpad" to "0". This variable will be used later to determine if the user is allowed to access the URL. The iRule then gets the user's roles from a session data variable called "session.cg.user.roles".
Next, the iRule loops through the categories that are returned by a call to the "CATEGORY::lookup" command, which takes the URL being accessed as an argument. The "CATEGORY::lookup" command is used to match the URL to a category.
For each category that is returned, the iRule checks if the user's roles include the allowed role for that category. If they do, the iRule sets "perflow.scratchpad" to "1" and breaks out of the loop. If they don't, the iRule continues to the next category.
At the end of the iRule, the value of "perflow.scratchpad" is checked. If it is set to "1", the user is allowed to access the URL. If it is set to "0", the user is not allowed to access the URL. hope so it is useful for you .
Blue_whaleCirrocumulus
Cirrocumulusthank you very much robert205