Why the page /my.policy redirects users to /vdesk/hangup.php3 ?

Question

Hello all, &nbsp;
I have a problem with the APM, I have an application published and sometimes the users are unable to see the login page, instead of that they get the logout page.&nbsp;
This is very strange because it doesn't happens all the times, only sometimes so for me this seems a cookie problem or something like that.&nbsp;
I've been using the fiddler tool and I've seen that sometimes when the my.policy URL is called the F5 closes the connection and redirect the user to /vdesk/hangup.php3, also in the same GET I see the session cookies and it seems to be ok.&nbsp;
There is no iRules that redirects the request to /vdesk/hangup.php3 and I've not modified the logon page code.&nbsp;
Do you know why could this be happening? &nbsp;
&nbsp;

youssef1 · Answer

Hi Sergio,&nbsp;
For information, vdesk/hangup.php3 is a script deleting a user's session (remove cookie regarding your session).&nbsp;
You can be redirect to vdesk/hangup.php3 when you don't pass the policy (VPE).&nbsp;
Did you check the report ? in order to see why the user is logged out.&nbsp;
Last point you have 2 differente type of loggout using vdesk/hangup.php3.&nbsp;
when user trigged a logout.when your fail apm policy (and in this case, you will find your session ID)...
Regards&nbsp;

abdessamad1 · Answer

Dear,&nbsp;
You have to look into the /var/log/apm log file and eventually enable debug logging level to see the details when this issue occur.&nbsp;
regards.&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
it is not recommended to insert any box between Logon page and Auth boxes.&nbsp;
I know it was required before Radius to change session.logon.last.password. I say was because in version 13.1 (I'm not sure which version add this feature) you can configure the password source.&nbsp;
Why isn't it recommended to insert a box between logon page and Auth? because these boxes are evaluated only once. if the first user authentication attempt fails, all following attempts will be evaluated within the AD auth box, there is no rollback in the decision tree to the logon page.&nbsp;
Then iRule event is not recommended. I know you find this one in an article from a F5 employee written in 2013. Everything that can be done with variable assign may be done with variable assign. irule event requires an external execution of code from access profile which add evaluation latency and variable cache issues.&nbsp;
here are variable assign expressions you can use instead of irules (use this variable assign order because flags expression uses trusted value)&nbsp;
session.custom.owa.trusted = &nbsp;
expr {[mcget {session.logon.last.pubpriv}] == "private" ? 4 : 0}

session.custom.owa.flags = &nbsp;
expr {[mcget {session.logon.last.lightversion}] == "yes" ? [mcget {session.custom.owa.trusted}]+1 : [mcget {session.custom.owa.trusted}] }

Even if you use irule event or the variable assign I provide, move all sso to the end of the decision tree. these variables are not required for authentication but only for SSO.&nbsp;

sathya_kumar · Answer

Hi Sergio,  Did you manage to get this issue fixed.  I have a Customer reporting the same issue on F5 AWS - Version 12.1.1 HF1.  Thank you,&nbsp;

sathya_kumar_28 · Answer

Hi Sergio,  Did you manage to get this issue fixed.  I have a Customer reporting the same issue on F5 AWS - Version 12.1.1 HF1.  Thank you,&nbsp;

Forum Discussion

Why the page /my.policy redirects users to /vdesk/hangup.php3 ?

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

Anchor Link Redirect

Change Pagename /Vdesk/Hangup.php3

(HTTP) Redirection via Arbitrary Host Header

url redirect

Detect the "/vdesk/hangup.php3" uri SharePoint

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS