cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

using irules to deliver pages

AlexS_yb
Cirrostratus
Cirrostratus

Hi

 

I have a VS which is acting as my SSO - its the landing spot for multidomain SSO.

I have a VS (it has ASM applied first) that then goes to another VS (this has APM applied)

 

I have a irule file with

when HTTP_REQUEST {

switch

"/status/* {

# with

HTTP::respond 200 content

}

 

 

I also have

    set sid [ACCESS::session sid]

    if { $sid == "" } {

 

how I get here is I browse to auth/status and if I have no valid cookies, then it logs me in. once I log in , I then go to the console and delete the session

but I can still get to auth/status with out the APM saying hey you cookie / session id is invalid.

 

how can I get irule to force a relogin back in ? and then return to auth/status ?

 

Why does apm allow me to get there ???

Also I have a per request policy with just does the SSO mapping item and then allow.

 

very confused

 

so why not put a back end to it. I want access to the session info

 

 

1 REPLY 1

The description of your issue is confusing and better edit your question with precise description of the issue.

 

 

For the ASM VIP to APM VIP you use Layered VS (https://support.f5.com/csp/article/K54217479) ?

 

 

You can also configure the ASM to protect the APM login page, so no one can can click other pages if they have not passed the login page:

 

https://support.f5.com/csp/article/K13315545

 

 

I think that you can use the Per-Request policy to force again a login.

 

 

 

 

Better review your multy domain config if you think that there are issues as you need to be carefull with profile scope (https://devcentral.f5.com/s/question/0D51T00006j20Ce/v12-apm-profile-scope😞

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/2...

 

 

https://clouddocs.f5.com/training/community/iam/html/archived/class7/module1/lab7.html

 

 

 

 

 

For to clear APM session with iRule use "ACCESS::session remove"

 

 

https://clouddocs.f5.com/api/irules/ACCESS__session.html