Forum Discussion
JP_135500
Nimbostratus
NimbostratusOnly enable access policy when server response is 401?
We have a site that is a mix of anonymous and authenticated content. The authenticated content lives all over within the site and is maintained by hundreds of content editors, so there's really no pa...
TO add to Josh's suggestion.
If you see the 401 from the server in HTTP_RESPONSE, add some cookie or other marker and redirect client back to the VIP. If the cookie or other marker is seen, then do ACCESS::enable.
JP_135500Nimbostratus
NimbostratusBelow is the iRule that I am using (with the logging and comments removed for brevity). I can access the site anonymously, and the need_creds variable does get set to 1 when I browse to an authenticated page. However, after supplying credentials, need_creds resets to 0 and I am not actually logged into the site. Additionally, it 404s on a GET to /F5Networks-SSO-Resp.
I presume that I do not want to set need_creds in CLIENT_ACCEPTED just because it appears that it resets when the AP is enabled/disabled. Though I don't know. What direction do I need to be looking now? I apologize for being pretty dumb about this...
when CLIENT_ACCEPTED {
set request_headers ""
set need_creds 0
}
when HTTP_REQUEST {
set request_headers [HTTP::request]
if { $need_creds == 1 } {
ACCESS::enable
} else {
ACCESS::disable
}
}
when HTTP_RESPONSE {
if {[HTTP::status] == 401 && $need_creds == 0} {
set need_creds 1
HTTP::retry $request_headers
}
}