add attribute query f5 apm


Hi experts,

I want to send the OTP to another domain, for example in iRules LX

to : send email, and we want to add an AD attribute : noname and send to :

the goal email otp code should 

The logic is: if the phone number doesn't exist, send to the user's email.




You can achieve this by using an iRule event in the VPE.

You insert an iRule Event agent at the right place in your logic in VPE and then in the iRule attached to the VS you have access to the different session variables where you can measure and rewrite.


We already configured the session in the iRule event on the VS and we set the attribute in the VPE, but when accessing the VPN we did not get the OTP notification. We already checked the attribute name and it matches Active Directory. In the report log, is it possible to see the session attribute and whether the OTP was sent successfully or not?

If we are running debug on the F5, the event process can be seen to make sure of the steps in it.



I would start by logging the relevant variables in the iRule when logging on, to get their content.

Then I would run a tcpdump on the unit to see if it tries to send anything out and to where, with what.

Also, have you configured an SMTP relay (System ›› Configuration : Device : SMTP) and do you know if it works?

I have checked the access report but didn't find the variable. How do I check the log for the relevant variable?

If I use tcpdump, should we decrypt the client SSL side only, or the server side too? We have client and server SSL certificates.

We didn't configure an SMTP relay. This Active Directory already exists; we just added a new attribute containing an email address, and the OTP should be sent to the new email, not the existing email.



Turn up logging to debug for all features, that should give you more information of what is going on in general. I would expect the variables to be logged without it though.

You must configure an SMTP relay, otherwise it doesn't know how to send the OTP.

Regarding decrypting ssl I would go for both sides. Have a look at Mr. Rahm's solution:


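var nodemailer = require('nodemailer'); // needed for createTransport
function send_email (req, res) {
    var transporter = nodemailer.createTransport({
        host: 'xx.xx.xx.xx',
        port: 25,
        secure: false,
        tls: {
            // accepts any certificate from the relay; its identity is not verified
            rejectUnauthorized: false
        }
    });
    // req.params(): [0] user, [1] OTP, [2] email, [3] phone, [4] department
    var mailOptions = {
        from: '',
        to: req.params()[2],
        subject: 'User VPN ' + req.params()[0],
        html: "Kode OTP : " + req.params()[1] + "<br />dont share.<br /><br />Email user: " + req.params()[2] + "<br />Phone: " + req.params()[3] + "<br/>Department: " + req.params()[4]
    };
    // The posted code ends here; the send call below is an assumed completion.
    transporter.sendMail(mailOptions, function (err) {
        res.reply(err ? 'error' : 'sent');
    });
}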


Here is the iRule access policy agent event (in the VPE the attribute name is mail):

ACCESS::session data get
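
An added example, not part of the original thread and not F5's code: a pre-send check for the send_email parameters above, so that an empty or malformed mail attribute yields a loggable reason instead of a silent failure, and directory values are escaped before they enter the HTML body. The names buildOtpMail, escapeHtml and isSingleAddress and the example.net addresses are hypothetical.

```javascript
// Added example. Parameter order follows the send_email code in this thread:
// [0] username, [1] OTP, [2] mail attribute, [3] phone, [4] department.

// Render directory values as text, not markup, inside the HTML body.
function escapeHtml(value) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value == null ? '' : value).replace(/[&<>"']/g, function (c) {
    return map[c];
  });
}

// Conservative check for exactly one address: no whitespace, comma,
// semicolon or angle bracket, so one attribute cannot add extra recipients.
function isSingleAddress(value) {
  return typeof value === 'string' &&
    /^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$/.test(value);
}

// Returns { ok: true, mailOptions } or { ok: false, reason }.
// The reason never contains the OTP, so it is safe to write to a log.
function buildOtpMail(params, fromAddress) {
  var user = params[0], otp = params[1], mail = params[2];
  var phone = params[3], dept = params[4];
  if (!otp) {
    return { ok: false, reason: 'OTP parameter is empty' };
  }
  if (!isSingleAddress(mail)) {
    return { ok: false, reason: 'mail attribute is empty or not a single address' };
  }
  return {
    ok: true,
    mailOptions: {
      from: fromAddress,
      to: mail,
      // Strip CR/LF so the username cannot break the Subject header.
      subject: 'User VPN ' + String(user).replace(/[\r\n]+/g, ' '),
      html: 'Kode OTP : ' + escapeHtml(otp) + '<br />dont share.<br /><br />' +
        'Email user: ' + escapeHtml(mail) + '<br />Phone: ' + escapeHtml(phone) +
        '<br/>Department: ' + escapeHtml(dept)
    }
  };
}

// Constructed sample input; the addresses are placeholders.
var sample = buildOtpMail(['alice', '123456', 'alice@example.net', '', 'IT'],
  'vpn-otp@example.net');
console.log(sample.ok ? sample.mailOptions.to : sample.reason);
```

Inside send_email, the returned reason can be logged when ok is false, and mailOptions passed to the transporter only when ok is true.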