Forum Discussion

Nimbostratus

Aug 30, 2016

Update packet filter rule from icall

My Use Case: We have a proxy client installed on our laptops that performs a captive portal test before it will initiate a connection with a proxy server within it's list. The test tries to reach ou...

application delivery

BIG-IP Access Policy Manager (APM)

MVP

Sep 02, 2016

Hi Ryan,

glad to hear that the ISTATS/iCall approach is working out for your.

A request limiter should be mplemented because the "/myvpn?sess=" ISTATS-trigger is anonymously accessible. But its not a big deal to implement such an request limiter.

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/myvpn?sess=" } then {
        if { [table lookup "XX policy string Client_Connected"] eq "" } then {
            table set "XX policy string Client_Connected" "1" indefinite 5
            ISTATS::set "XX policy string Client_Connected" 1
        }
    }
}

Note: The above example will limit the execution of the iCall script to a maximum of every 5 seconds.

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)