Forum Discussion
Utilize iRule to minimize APM usage
I have an Access Profile which is invoked for an application in which a) Checks source IP. If whitelisted subnet, allowed to pass through. Otherwise b) Checks URI. If specified URI requested, c) F5 presents authentication prompt prior to passing through to application.
This works fine, but ALL user traffic to the application is requiring an APM license. In order to reduce license impact, is it possible to utilize an iRule that would only invoke the APM when user is coming via non-whitelisted IP subnet and specified URI? If yes, any pointers on how one would write this? For what it's worth, application also has ASM policy.
Thank you.
- Jad_Tabbara__J1
Cirrostratus
Hello Check1t,
Yes, you can reduce the number of sessions consumed by the APM by writing an iRule.
The iRule can take many forms, but the important thing is to use "ACCESS::disable" and "ACCESS::enable".
If you don't have many subnets to whitelist, you can do it like this:
```tcl
when HTTP_REQUEST {
    # Skip the access policy by default so the request does not consume an APM session.
    ACCESS::disable
    if { ([HTTP::uri] starts_with "/admin") && ! ([IP::addr [IP::client_addr] equals 192.168.1.0/24]) && ! ([IP::addr [IP::client_addr] equals 192.168.2.0/24]) } {
        # Only client IPs that are not in subnets 192.168.1.0/24 and 192.168.2.0/24 and requesting /admin will use APM
        ACCESS::enable
    }
}
```
If you have more subnets, you can use a data group for clarity.
Regards
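
The data group variant mentioned in the answer above, as an added example that is not part of the original post. It assumes a hypothetical address-type data group named `apm_bypass_subnets` that holds the whitelisted subnets, and it compares the lower-cased path rather than the raw URI so that a request for `/Admin` is also sent through APM (an added hardening assumption; the original rule matches `/admin` case-sensitively).

```tcl
when HTTP_REQUEST {
    # Default: skip the access policy so the request consumes no APM session.
    ACCESS::disable

    # Compare on the lower-cased path (query string excluded) so that case
    # variants of the protected prefix cannot slip past the check.
    set path [string tolower [HTTP::path]]

    if { $path starts_with "/admin" } {
        # apm_bypass_subnets is a hypothetical address-type data group.
        # If the lookup fails (for example, the data group was deleted or
        # renamed), treat the client as untrusted so the rule fails closed.
        if { [catch { set trusted [class match [IP::client_addr] equals apm_bypass_subnets] }] } {
            set trusted 0
        }

        if { !$trusted } {
            # Protected path requested from a non-whitelisted address:
            # run the access policy (authentication prompt) for this request.
            ACCESS::enable
        }
    }
}
```

With this form, adding or removing a whitelisted subnet is a data group change and the iRule itself stays untouched.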