Forum Discussion

Garsa_163306's avatar
Garsa_163306
Icon for Nimbostratus rankNimbostratus
Jun 23, 2017

Hello All,

The issue here is that the condition on the portion below of the current irule does not match.

 when HTTP_REQUEST { 
    set isset 0 if {
        [string tolower [HTTP::uri]] starts_with "/owa" } {
            if {[string tolower [HTTP::uri]] contains "logoff" } { 
                ACCESS::session remove 
                HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
                "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
                .....

With Portal Access the URL gets rewritten to something like:

https:///f5-w-474736e612e6174736175746f2e6e6574$$/owa/

so the condition below does not longer match.

[string tolower [HTTP::uri]] starts_with "/owa" }

Therefore the solution I came up with was to modify that portion as per below:

if {[string tolower [HTTP::uri]] matches_regex {\/f5-w-.*\$\$\/owa.*/} } {

So far no issues for me and the logout works as expected. Hopefully it helps.

Regards,

Simon

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 26, 2017

    Hi,

    a better solution is to evaluate 

    ACCESS_ACL_ALLOWED
    instead of 
    HTTP_REQUEST
    .

    when ACCESS_ACL_ALLOWED { 
    set isset 0 if {
        [string tolower [HTTP::uri]] starts_with "/owa" } {
            if {[string tolower [HTTP::uri]] contains "logoff" } { 
                Do not remove the session within irule but redirect to /vdesk/hangup.php3
                ACCESS::session remove 
                 Redirect to relative URI and use ACCESS::respond (HTTP::respond not supported in ACCESS_ACL_ALLOWED
                HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
                ACCESS::respond 302 Location "/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
                .....

    ACCESS_ACL_ALLOWED is evaluated after rewrite.

    if you want to use HTTP_REQUEST, scan is better than regex

    if {[scan [string tolower [HTTP::uri]] {/f5-w-%[^$]$$/%[^/]} encresource baseuri] == 2 && $baseuri starts_with "owa" } {