access_acl_allowed
3 TopicsAPM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?
Hi Friends Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED? Thanks My iRules: Codewhen ACCESS_POLICY_COMPLETED { set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] set mysession "session_id=[ACCESS::session data get session.user.sessionid]" set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] log local0. "access policy completed get session id" } when ACCESS_ACL_ALLOWED { HSL::send $hsl "<190> $timestamp $mysession \n" log local0. "access policy acl allowed" }`text`492Views0likes5CommentsAPM ACL what is source for IP evaluated
Hi, I am struggling with figuring out what is base for IP evaluated by for example Static ACL in APM. As far as understand ACL object in VPE are only evaluated during Access Policy processing (between ACCESS_SESSION_STARTED and ACCESS_POLICY_COMPLETED) but using ACCESS_ACL_ALLOWED (or denied) I can use ACCESS::acl eval to doper request ACLs. Question is what is used as src and dst IP for ACL evaluation? Is that one of Access Policy variable or actual IPs based on flow? I am asking because I would like to create ACL for forward proxy VS - in this case I can see client IP as src IP but dst IP is VS IP not target server IP (proxy is doing DNS on HTTP proxy request URI - like GET http://www.site.com/something/index.html HTTP/1.1) so in L3/L4 there is no real dst IP known. My idea was to use host from HTTP proxy URI ( do DNSresolveand pass it to access session variable so ACL can use it to evaluate - but not knowing if evaluation is based on session variables makes me wonder if this will work? Piotr314Views0likes3CommentsAPM ACL what is source for IP evaluated
Hi, I am struggling with figuring out what is base for IP evaluated by for example Static ACL in APM. As far as understand ACL object in VPE are only evaluated during Access Policy processing (between ACCESS_SESSION_STARTED and ACCESS_POLICY_COMPLETED) but using ACCESS_ACL_ALLOWED (or denied) I can use ACCESS::acl eval to doper request ACLs. Question is what is used as src and dst IP for ACL evaluation? Is that one of Access Policy variable or actual IPs based on flow? I am asking because I would like to create ACL for forward proxy VS - in this case I can see client IP as src IP but dst IP is VS IP not target server IP (proxy is doing DNS on HTTP proxy request URI - like GET http://www.site.com/something/index.html HTTP/1.1) so in L3/L4 there is no real dst IP known. My idea was to use host from HTTP proxy URI ( do DNSresolveand pass it to access session variable so ACL can use it to evaluate - but not knowing if evaluation is based on session variables makes me wonder if this will work? Piotr248Views0likes0Comments