Forum Discussion

Alex_Ng's avatar
Alex_Ng
Icon for Nimbostratus rankNimbostratus
Mar 28, 2019

Remove new session link on logout page

Hi all,

 

There is only one logout page for a policy in APM. I have different services using different landing uri. The default logout page is shown as follows.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

Your session is finished.

 

Logged out successfully.

 

Thank you for using BIG-IP.

 

To open a new session, please click here.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

The page is fine for most services. However, I want to remove the last sentence and the link for 1 service.

 

Thanks,

 

APM
security

3 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Mar 28, 2019

    Hi Alex,

    you would need to alter the PHP's for this task, which is not recommended by F5 support and also has very little documentation.

    I would rather then deploy an iRule on your VS which intercepts the logoff URI of the given application, kills the APM session and redirects the user to a customized logoff page served by the iRule itself. Much easier and less intrusive...

     

    when ACCESS_ACL_ALLOWED {
    switch -glob -- [HTTP::uri] {
        "*application_logout_signature.html*" {
            HTTP::respond 302 \
                            Location "/x-vdesk/hangup.php3"
        }
        "/x-vdesk/hangup.php3" {
            HTTP::respond 200 \
                            content $static::custom_hangup_page \
                            "Content-Type" "text/html" \
                            "Set-Cookie" "MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" \
                            "Set-Cookie" "F5_ST=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" \
                            "Set-Cookie" "MRHSHint=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" \
                            "Set-Cookie" "F5_HT_shrinked=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" \
                            "Set-Cookie" "F5_fullWT=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" \
                            "Set-Cookie" "MRHSequence=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/"
            ACCESS::session remove
        }
    }
}
when RULE_INIT {
    set static::custom_hangup_page {

  
    
    BIG-IP logout page
    
    
    

    
  








  
    
    
  
  
     
     
  


JavaScript is not enabled. Please enable JavaScript in your browser or contact your system administrator for assistance.
To open a new session, please  



        
        
            
                Your session is finished.
            
            
                
                    Logged out successfully.
                    
Thank you for using BIG-IP.
                
            
            
                
            
        
    
    

This product is licensed from F5 Networks. © 1999-2017 F5 Networks. All rights reserved. 



 }

}

     

    Note: The HTML of the logoff page has been borrowed from a default APM login pages. Just the link has been removed and the Copyright Symbol of the Page Footer is HTML encoded to allow saving of the iRule...

    Cheers, Kai

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Mar 29, 2019

    Hi Alex,

    I also had the same problem and there is a very simple solution.

    • Connect to F5 -> Profiles / Policies -> Customisation -> Advanced.
    • Then select your Access Profiles.
    • in the tree of your access profile go to : Logout -then-> logout.inc

    Remove this sentence at line 115:

    • Do the same action in the tree of your access profile go to : Access policy --> Ending page --> Deny --> Logout.inc

    Remove this sentence at line 115:

    Don't forget to save draft in top right after each modification then click save top center.

    Then apply your policy and voila.

    keep me in touch.

    regards

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Mar 29, 2019

    Hi Alex,

    below is the JScript which needs to be insert into your APM logout page(s)...

    The snippet needs to be placed somewhere in the HTML-Header (e.g. right before code tags). It will execute a JScript which checks if the browser session includes the cookie CSS_newSessionDIV_disable=true. If the cookie is found it will trigger a custom CSS code to disable the content related to newSessionDIV If the cookie if not found the content gots displayed as usuall...

    I've used the iRule below to develop the PoC. It can be used to set/remove the 'CSS_newSessionDIV_disable=true' cookie for demo purposes as an overlay of your APM enabled VS. You will finally need to develop a tailordered mechanism for your setup, to inject the CSS_newSessionDIV_disable cookie based on the last accessed application. This can be done on the individual web applications or by using another iRule...

     

    when HTTP_REQUEST {

    Defining the HTML demo page...

    set http_content {

        Links to manage the CSS_newSessionDIV_disable cookie
         | 
        Below is APMs HTML line. Can you see it?
        To open a new session, please  
    
}

    Defining the Web Server..

    switch -exact -- [HTTP::uri] {
        "/cookie_set" {
            HTTP::respond 302 Location "/cookie_page" "Set-Cookie" "CSS_newSessionDIV_disable=true; path=/"
        }
        "/cookie_remove" {
            HTTP::respond 302 Location "/cookie_page" "Set-Cookie" "CSS_newSessionDIV_disable=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/"
        }
        "/cookie_page" {
            HTTP::respond 200 content $http_content "Content-Type" "text/html"
        }
    }
}

     

    Cheers, Kai