cancel
Showing results for 
Search instead for 
Did you mean: 

irule to just enable APM for one subsite - not working

Shawn_Conway
Altostratus
Altostratus

Just trying to create an irule to enable APM for one of the subsites and disabled for the others. It works fine if no irule and the all the sites work fine going through the forms APM login. When I add the irule below all the other subsites work fine and do not go through APM. The subsite where APM is anabled allows me to got through APM and login into form but returns the following URL instead of /beergame and everytime I try to go to /beergame i get the error below. Any idea?

 

Here is the irule:

 

when HTTP_REQUEST {

 

 # Enable APM for BeerGame

 if {[HTTP::path] starts_with "/beergame/"} { ACCESS::enable } else { ACCESS::disable } 

 }

 

 

irule to enable apm on subsIte but get this error:

 

 

https://"mydomain"/F5Networks-SSO-Resp?SSO_ORIG_URI=aHR0cHM6Ly9xYWFwcHNleHQuaGtzLmhhcnZhcmQuZWR1L2JlZXJnYW1lLw%3d%3d&TOKEN=dfd5df21

 

 

6 REPLIES 6

Christopher_Mil
F5 Employee
F5 Employee

Are you intentionally doing multi-domain SSO here?

interesting Chris if I change it to single domain it works. I forget why i use multi domain, think we had issues with single domain. i changed it to single domain and made the cookie with a wildcard *.domainname and will test it out in QA. But cant change prod for this, so do you think there is a work around for multidomain? I did add the domain for that DNS of that app. We have a list about 10 and all other work fine but this is the only one with this irule. Thank You!

I accidentally used my auto-generated F5 DevCentral account for the previous answer, lol. Figured I'd switch to this one. Anywho, I'm guessing we're trying redirect to the primary auth URI but your iRule might be disabling APM for that URI which could be breaking things. Just a guess.Just to test, can you also ACCESS::enable for starts_with "F5Networks" and see how it looks?

True it is redirecting to to the primary auth URI. Interesting that works. Now how would i incorporate it just for "/beergame/login.aspx" and disable for the rest of the sites on that server. I was going to do a work around and create a new APM just for this server since it works for single domain, but be nice to get in the multi domain SSO we have setup (I remembered) .

Tried this but it did not like this same error:

when HTTP_REQUEST {

 

 # Enable APM for BeerGame

 if {[HTTP::path] starts_with "/beergame/login.aspx" or [HTTP::path] starts_with "F5Networks"} { ACCESS::enable } else { ACCESS::disable }

 }

 

 

Do you think i should just have separate access policy for this server, I know that will work with original irule?

Sajid
Cirrostratus
Cirrostratus

try this

 

when HTTP_REQUEST {

  if {( [HTTP::uri] starts_with "/yourURI" ) } {

    log local0. "APM Enabled for URI [HTTP::uri]"

    return

  } else {

    ACCESS::disable

    log local0. "APM Disabled for [HTTP::uri]"

    return

  }

}