Forum Discussion

JP_135500's avatar
JP_135500
Icon for Nimbostratus rankNimbostratus
Jan 31, 2014

Only enable access policy when server response is 401?

We have a site that is a mix of anonymous and authenticated content. The authenticated content lives all over within the site and is maintained by hundreds of content editors, so there's really no pa...
anonymous
application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
management
security
  • John_Alam_45640's avatar
    John_Alam_45640
    Jan 31, 2014

    TO add to Josh's suggestion.

     

    If you see the 401 from the server in HTTP_RESPONSE, add some cookie or other marker and redirect client back to the VIP. If the cookie or other marker is seen, then do ACCESS::enable.

     

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Jul 08, 2014

Hi,

I had the same need for one customer.

to follow user session, I checked if APM cookie exist.

    when CLIENT_ACCEPTED {
     set request_headers ""
     set need_creds 0
}

when HTTP_REQUEST {
     set apm_cookie [HTTP::cookie value MRHSession]
     set request_headers [HTTP::request]

     if { $need_creds == 1 || $apm_cookie != "" } {
          ACCESS::enable
     } else {
          ACCESS::disable
     }
}

when HTTP_RESPONSE {
     if {[HTTP::status] == 401 && $need_creds == 0} {
          set need_creds 1
          HTTP::retry $request_headers
     }
}