For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

TJ_Vreugdenhil's avatar
TJ_Vreugdenhil
Icon for Cirrus rankCirrus
Nov 14, 2017

Hi Stanislas - Thanks for the response!

Yes, we just want to convert the TMG functionality above to the APM.

Would the iRule below not work better? Wouldn't we want to use 

"ACCESS::session remove"
as well. Perhaps these two irules are accomplishing the same thing? 

when HTTP_REQUEST {
    if {[URI::query [HTTP::uri] "Cmd"] equals "logoff"} {
        ACCESS::session remove
        HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
        }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 14, 2017

    The two changes you did are useless

     

    • when session hit /vdesk/hangup.php3 URI, the session immediately closes.
    • Never use absolute URL if on the same service (same scheme and same hostname). prefer relative URL like I did.

       

      it makes more work on reverse proxy if rewriting is required

       

      even ASM detect absolute URL on the same service as a potential violation.
  • TJ_Vreugdenhil's avatar
    TJ_Vreugdenhil
    Icon for Cirrus rankCirrus
    Nov 14, 2017

    thanks for the additional detail!