20-Mar-2023 05:32
Dear All,
I have implemented an application proxy in LTM that uses an iRule along with old Advanced Client Authentication (ACA) features to perform OCSP checks for certificate-based authentication as a fall-back for requests from un-authorised IP addresses.
The reason for an iRule and the old PAM-based authentication is that several of the services that are using the proxy cannot handle/present session cookies. My original implementation was built using APM, which made the whole solution much easier to configure. This worked like a dream for browser access and some command-line clients that could handle cookies. However, access failed for client connections that couldn't handle cookies.
I would love to use APM to replace the existing access rule, especially as old posts like the one below suggest that the ACA features are likely to be removed at some point:
https://community.f5.com/t5/technical-forum/ocsp-responders-and-configuration-profiles/td-p/44608
Is there any way to use APM-based features, such as OCSP Responder authentication, either natively or from within an iRule, without APM session cookie requirements? Or is APM limited to connections that can handle cookies?
Any advice gratefully received.
21-Mar-2023 00:23
You can try to use the clientless mode of APM: https://my.f5.com/manage/s/article/K80934060#link_06
21-Mar-2023 04:02
Thank you Juergen, that's perfect, just the kind of guidance I needed. I will take a look at clientless mode to see if I can migrate my current configuration back to using APM.
22-Mar-2023 08:43 - edited 22-Mar-2023 08:46
Newer than the clientless mode that @Juergen_Mang mentioned is the API protection profile that utilized F5 APM per-request policies that do not need a session:
https://www.youtube.com/watch?v=-2ndGH9Dp1Q
https://clouddocs.f5.com/training/community/access-solutions/solution13/guide/guide.html
23-Mar-2023 00:25 - edited 23-Mar-2023 02:37
> Newer than the clientless mode that @Juergen_Mang mentioned is the API protection profile that utilized F5 APM per-request policies that do not need a session
If there is no requirement for a session, the API protection profile is indeed the better attempt.
26-Apr-2023 07:34
Thank you both for your responses and guidance. I will see if an API protection profile will be suitable for my needs and if not, I will run some tests using APM in clientless mode, which I had never heard of previously. I appreciate both suggestions, thank you again.