F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

f5rocks_86658's avatar
f5rocks_86658
Icon for Nimbostratus rankNimbostratus
Jun 01, 2016

Need to allow request only if application opens from parent portal

Dear Experts,   Please suggest with an iRule, where application access only to be allowed if app is being accessed from authenticated portal only. Referer header can be checked on first request. H...
iRules
security
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
Jun 01, 2016

Formatted example :

 

on VIP1 :

 

when HTTP_RESPONSE {
    if { [HTTP::cookie exists "MySessionCookie"] } {
        HTTP::cookie domain "MySessionCookie" "example.com"
    }
}

on VIP2 :

 

when HTTP_REQUEST {
    if { ([HTTP::cookie exists "MySessionCookie"]) } {
         insert code to add cookie validation
    } else {
        HTTP::redirect "https://vip1.example.com/login"
    }
}

But clearly, it would be easier to use APM module and put an access profile with multi-domain sso on both VIP and configure Web SSO for VIP1.

 

  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jun 03, 2016
    Hi, Did you had a chance to test this scenario ?
  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Jul 31, 2016

    Dear Yann,

     

    I ended up with configuring APM for this with local user database for vip2 fo secure the access