LTM uri filtering with APM enabled

ywa
Nimbostratus

Hello,

I want to restrict the URI of a virtual server in an LTM policy. So, I created an LTM policy with a rule like this:

 

Conditions :

1. HTTP Host host is 'test.mydomain.com' at request time.

2. HTTP URI path starts with '/allowed' at request time.

 

Actions :

1. Forward traffic to pool '/Common/POOL_test' at request time.

 

The problem is if I add an APM policy on this virtual server. The LTM policy blocks the URIs used by the APM policy to make a session (like /my.policy, ...).

I tried to allow /my.policy too, but it's not working, and anyway it's not the only URI.

Is there a simple way to keep the LTM policy from blocking these, or what is the recommended way to do this URI restriction when we have an APM policy set?

 

Thanks

2 REPLIES

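Hi ywa,

Can you try this iRule?

when HTTP_REQUEST {
    # Match the protected host and the allowed URI prefix
    if { [HTTP::host] equals "test.mydomain.com" && [HTTP::uri] starts_with "/allowed" } {
        # Turn off APM access policy processing for this request
        ACCESS::disable
        # Send the request to the application pool
        pool /Common/POOL_test
    }
}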

https://clouddocs.f5.com/api/irules/ACCESS__disable.html

Hello,

Thanks for your answer.

I want to keep the access policy control on the URI. Just allow the URI that the BIG-IP uses to make the session.

In fact, if I use an iRule like the one you gave but without the "ACCESS::disable" part, it works, because by default the iRule is not triggered for the internal access control URI used for the APM session.

But that is not the case with the LTM policy, and I was wondering if it was possible to do the same in the LTM policy (to avoid using an iRule just for that).
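
An added example, not written by either poster: a sketch of the iRule-only restriction the last post describes, keeping APM enabled and relying on the behaviour reported there (HTTP_REQUEST is not raised for APM's internal session URIs such as /my.policy). The 403 response, the stricter path match and the use of the `-normalized` flag are assumptions of this example; the host, path prefix and pool name are the ones from the question.

```tcl
when HTTP_REQUEST {
    # Per the thread, this event does not fire by default for the internal
    # APM access-control URIs (e.g. /my.policy), so session setup is untouched.
    # No ACCESS::disable here: the access policy still applies to /allowed.

    # Only restrict the host named in the question; other hosts pass through.
    if { [string tolower [HTTP::host]] ne "test.mydomain.com" } {
        return
    }

    # Compare the path only (no query string). -normalized resolves sequences
    # like "/allowed/../other" before matching; assumption: the BIG-IP version
    # in use supports this flag. Otherwise use [HTTP::path] and handle
    # traversal sequences separately.
    set path [HTTP::path -normalized]

    # Stricter than a bare "starts with /allowed" (assumption of this example):
    # "/allowed" and anything under "/allowed/" match, "/allowed-old" does not.
    if { $path equals "/allowed" || $path starts_with "/allowed/" } {
        pool /Common/POOL_test
    } else {
        # Reject everything else on this host before it reaches the pool.
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
        return
    }
}
```

If the virtual server has `ACCESS::restrict_irule_events disable` set elsewhere, HTTP_REQUEST also fires for the internal APM URIs and this rule would reject them, so check for that before deploying.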