APM per-request policy/irule

LoveNoodles · ‎23-Jul-2021

Hi, I have a APM per-request policy that is using URL branching to force login on a specific URI. Now the issue we face is that this specific URI is common across the application when submitting forms. So the only way I can make this unique is via looking for a unique string in the http payload for that specific POST. Now I have been able to identify this unique string and also am able to create the irule logic to capture the payload and then look for that specific string from the payload on that URI. In addition, I can set an ACCESS_PER_REQUEST_AGENT_EVENT id in the per-request policy just before the login page object to reference that event in the irule, but what irule logic do I use to trigger bypassing the per-request policy OR fallback to bypassing the login page within the per-request policy if the payload does NOT contain the unique string on the specific URI.

For example, is there is any command associated with the "fallback" trigger in an APM access policy or even disabling the per-request policy itself in an irule, like ACCESS::disable command which bypasses the APM access policy in its entirety.

Daniel_Wolf · ‎25-Jul-2021

Hi LoveNoodles,

you could set a perflow variable in your iRule. See the reference here:

https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/ltm/ltm_rule_command_ACCESS_perflow.html

In the next PRP object you could use an Empty Action to create branch rules like the following:

expr { [mcget {perflow.custom}] equals "MyBypassValue" }

And then send the specific requests to an Allow ending.

KR

Daniel

View solution in original post

Daniel_Wolf · ‎25-Jul-2021