Forum Discussion

Nimbostratus

Jul 17, 2014

Send credentials to backend servers through APM

Hello, I have a Virtual Server on F5 APM to be used as reverse proxy. It is protecting a website that uses many different applications and backend servers. Some of those applications are publicl...

BIG-IP Access Policy Manager (APM)

security

Kevin_Stewart

Employee

Jul 17, 2014

This is a little different than your specific question, but I think it might be useful. The idea in the iRule below is that you disable the access policy until the user accesses a protected URI (defined in a string-based data group). Once the access policy has been initiated, all subsequent requests go through the completed access policy regardless of requested URI.

when HTTP_REQUEST {
    if { ( [HTTP::cookie exists MRHSession] ) or ( [class match [string tolower [HTTP::uri]] starts_with my_private_uris] ) } {
        return
    } else {
        ACCESS::disable
        return
    }
}

You would then just apply the SSO profile to the access policy.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)