validation Irule F5 APM

Question

Hello, I’m not an expert on the rule, so does anyone have a tool or could I validate this rule please?
In the Access Profile :
Irule_Allpriv_Api :
when ACCESS_POLICY_AGENT_EVENT {
  log local0. "avant test id valeur a 5"
  set static::valeur 5
  set static::info "infos irule avant traitement"
  set static::result "appel api allpiv avant traitement"
  if {"[ACCESS::session data get session.custom_event.id]" eq "irule_allpriv_api"} {
    log local0. "irule_allpriv_api alimentation des variables"
    set static::clientID "[ACCESS::session data get session.ldap.last.attr.cn]"
    set valeur 0
    set result "irule api traitement ok"
    ACCESS::session data set session.logon.user.id 0
    ACCESS::session data set session.custom.clientID $clientID
    ACCESS::session data set session.api.allpriv.id $result
    log local0. "variables alimentees"
    set s2 [call /common/HSSR::http_req -uri "https://m.allpriv.com/techzone.sh?id"; \ – 
      virt /common/vs-HSSR-helper -method POST –redir 0 –rbody info]
    if {$s2 == 200} {
      log local0. "retour du serveur ok info= ${info}"
    } else { log local0. "retour du serveur Ko info= ${info}" }
    if { $clientID != "" } { 
      ACCESS::session data set session.logon.user.id 1
    }
  } 
}
thanks you Best regard Alain OSSART @mail : alain.ossart@ca-ts.fr

andy_mcgrath · Answer

Just a quick visual review. Which got two minor points:

Don't use static variables unless you really need too
You can ACCESS::policy agent_id instead of [ACCESS::session data get session.custom_event.id]

&nbsp;
when ACCESS_POLICY_AGENT_EVENT {
    log local0. "avant test id valeur a 5"
    set valeur 5
    set info "infos irule avant traitement"
    set result "appel api allpiv avant traitement"

if {[ACCESS::policy agent_id] eq "irule_allpriv_api"} {
        log local0. "irule_allpriv_api alimentation des variables"
        set clientID "[ACCESS::session data get session.ldap.last.attr.cn]"
        set valeur 0
        set result "irule api traitement ok"
        ACCESS::session data set session.logon.user.id 0
        ACCESS::session data set session.custom.clientID $clientID
        ACCESS::session data set session.api.allpriv.id $result
        log local0. "variables alimentees"
        set s2 [call /common/HSSR::http_req -uri "https://m.allpriv.com/techzone.sh?id"; \ –virt /common/vs-HSSR-helper -method POST –redir 0 –rbody info]

if {$s2 == 200} {
            log local0. "retour du serveur ok info= ${info}"
        } else {
            log local0. "retour du serveur Ko info= ${info}"
        }

if { $clientID != "" } {
            ACCESS::session data set session.logon.user.id 1
        }
    }
}

&nbsp;

stanislas_piro2 · Answer

Hi,
I don't understand what this code is expected to do!
Your code contains wrong commands (Line 3 : set starts with uppercase) You forgot the POST body in your request.
You can do anything there in the Access Policy:

HTTP Auth (create first a HTTP Auth without "Form Parameter For User Name" / "Form Parameter For Password" values, All Access session variables are entered as %{session.custom.myvar} ) If you want to get data from server (which is a virtual server in your code), you can include in a cookie... HTTP Auth stores cookies in session variable but not body.

Variable Assign :
session.logon.user.id = variable session.http.last.result
session.custom.clientID = variable session.ldap.last.attr.cn
session.api.allpriv.id = Text "api traitement ok"

Forum Discussion

validation Irule F5 APM

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Use iRules to validate signed payload

Couple of questions. irule pool validation and call?

APM SSO breaks RDP persistence

iRULE regsub error

APM/SAML Logout.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS