HTTP Event Order -- Access Policy Manager
Early last year I blogged an update to the iRules HTTP event order that F5er John Alam put together. John is back with another update to the drawing, this time, however, including the access policy m...
Published Jun 26, 2012
Version 1.0JRahm
Admin
Joined January 20, 2005
JRahm
Admin
Joined January 20, 2005
Stanislas_Piro2
May 03, 2017Cumulonimbus
Hi Jason,
It's really a great drawing which helped me to understand how APM work and to write my own irules.
I have some comments about it :
- ACCESS_ACL_DENIED doesn't lead to
but toRespond with session terminaison page
Respond with denial page
- I don't understand
. If VPE is not allowed after ACCESS_POLICY_COMPLETED, session is removed so this condition is always true as only valid session are going there.VPE Allow condition
- As René already said,
andACL Defined
must be merge into one withEvaluate ACL
, if not denied, ACCESS_ACL_ALLOWED is evaluated even if no ACL is defined.Denied by ACL
- ACCESS_POLICY_AGENT_EVENT may loop to
as VPE can raise this event multiple timesVPE calls irule Event
- ACCESS_SESSION_CLOSED is triggered outside of flow context. it doesn't lead to
Respond with session terminaison page
- if
and URI equals APM logout URI (/vdesk/hangup.php3 or /vdesk/my.logout.php3) --> leads to ACCESS_SESSION_CLOSEDValid existing session
Do you agree with these comments? If I am right, is it possible to update the drawing?