Forum Discussion

Shyam_Shukla's avatar
Shyam_Shukla
Icon for Nimbostratus rankNimbostratus
Aug 17, 2019
Solved

Apply per-session policy only for given set of URLs

Hello All,

 

Our per-session policy is configured to have SAML authentication. By default, all the incoming requests to Virtual Server require SAML authentication but our requirement is to apply per-session policy (i.e. SAML authentication) only for given set or URLs and rest of the URLs should be whitelisted (i.e. per-session policy should not be applied).

 

I've implemented below iRule to implement above requirement. Please help to review it and let me know if it needs any changes to fulfill this use-case:

 

when RULE_INIT {

   # data groups - list of URIs that should to allowed through per-session policy

   set static::secure_url_list secure_urls_list ;

}

 

when HTTP_REQUEST {

 

       if {[class match [HTTP::path] equals $static::secure_url_list]} {;

                   log local0.debug "Found [HTTP::path] in secure_url_list"

                   ACCESS::enable

       } else {

                ACCESS::disable

   }

 }

 

Thanks,

Shyam

APM
devops
iRules
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Aug 19, 2019

    Hi,

    Can you try this iRule without RULE_INIT?

    when HTTP_REQUEST {
	if { class match [HTTP::path] equals secure_urls_list } {
		log local0.debug "Found [HTTP::path] in dg_secure_urls_list"
		ACCESS::enable
	} else {
		# log local0.debug "Not found [HTTP::path] in dg_secure_urls_list"
		ACCESS::disable
    }
}

2 Replies

Sort By
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Aug 19, 2019

    Hi,

    Can you try this iRule without RULE_INIT?

    when HTTP_REQUEST {
	if { class match [HTTP::path] equals secure_urls_list } {
		log local0.debug "Found [HTTP::path] in dg_secure_urls_list"
		ACCESS::enable
	} else {
		# log local0.debug "Not found [HTTP::path] in dg_secure_urls_list"
		ACCESS::disable
    }
}