Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
May 03, 2017

Hi Jason,

It's really a great drawing which helped me to understand how APM work and to write my own irules.

I have some comments about it :

  1. ACCESS_ACL_DENIED doesn't lead to 
    Respond with session terminaison page
    but to 
    Respond with denial page
  2. I don't understand 
    VPE Allow condition
    . If VPE is not allowed after ACCESS_POLICY_COMPLETED, session is removed so this condition is always true as only valid session are going there.
  3. As René already said, 
    ACL Defined
    and 
    Evaluate ACL
    must be merge into one with 
    Denied by ACL
    , if not denied, ACCESS_ACL_ALLOWED is evaluated even if no ACL is defined.
  4. ACCESS_POLICY_AGENT_EVENT may loop to 
    VPE calls irule Event
    as VPE can raise this event multiple times
  5. ACCESS_SESSION_CLOSED is triggered outside of flow context. it doesn't lead to 
    Respond with session terminaison page
  6. if 
    Valid existing session
    and URI equals APM logout URI (/vdesk/hangup.php3 or /vdesk/my.logout.php3) --> leads to ACCESS_SESSION_CLOSED

Do you agree with these comments? If I am right, is it possible to update the drawing?