Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Custom APM Logon page Access policy evaluation is already in progress for your current session

fredlubrano
Cirrus
Cirrus

Hello,

I am trying to solve a problem as I am blocked by the following message,

When I click on the link '<p>Please register <a href='/register.php'>here</a> if you don't have an account yet.</p>'.":

'Access policy evaluation is already in progress for your current session.'

I have tried several solutions, but to no avail. I am considering implementing this solution: https://community.f5.com/t5/technical-forum/big-ip-16-0-apm-logon-page-and-href-links/m-p/236761. Does anyone have a suggestion?

Thank you, Fred.

 

define(["require", "exports", "tslib", "module", "apmui/page/logon/View"], function (require, exports, tslib_1, module, View_1) {
    "use strict";
    Object.defineProperty(exports, "__esModule", { value: true });
    requirejs.config({
        map: {
            'apmui/master/View': {
                'apmui/page/logon/View': module.id,
            },
        },
    });
    /* Replacement View component */
    var CustomLogonView = /** @class */ (function (_super) {
        tslib_1.__extends(CustomLogonView, _super);
        function CustomLogonView() {
            return _super !== null && _super.apply(this, arguments) || this;
        }
        CustomLogonView.prototype.componentDidMount = function () {
            _super.prototype.componentDidMount.call(this);
 
            var content = document.getElementsByClassName('apmui-content')[0];
            
            var message = document.createElement('div');
            message.style.cssText = 'max-width: 400px; width: 100%; padding-top: 20px;';
            message.id = "message";
            message.innerHTML = '<p>Please register <a href=\'/register.php\'>here</a> if you don\'t have an account yet.</p>';
            content.appendChild(message);
            
 
        };
        return CustomLogonView;
    }(View_1.default));
    exports.default = CustomLogonView;
});

 

 

1 ACCEPTED SOLUTION

Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

 

 

when HTTP_REQUEST {
    # Log de début
    log local0. "Début de traitement de la requête : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"

    # Vérifiez si l'URI et le referer correspondent à vos critères
    if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
        
        # Vérifiez la valeur de la variable de session F5 APM
        set policyResult [ACCESS::session data get "session.policy.result"]
        log local0. "session.policy.result = $policyResult"

        # Si la variable de session n'est pas 'allow', supprimez les cookies
        if {$policyResult ne "allow"} {
            log local0. "La condition de session APM est remplie. Suppression des cookies."

            # Supprimez les cookies MRHSession et LastMRH_Session
            HTTP::cookie remove "MRHSession"
            HTTP::cookie remove "LastMRH_Session"
        } else {
            log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
        }
    }

    # Log de fin
    log local0. "Fin de traitement de la requête : [HTTP::uri]"
}

 

ksnip_20231119-120637.png

 

View solution in original post

4 REPLIES 4

Lucas_Thompson
F5 Employee
F5 Employee

That error happens in this situation:

  1. A user visits an APM-protected URL
  2. APM creates a session and sent the session cookie in a 302 redirect to "/my.policy"
    The session is now in "pending" state and is waiting for POSTs to /my.policy to continue moving through the policy
  3. The user's browser SHOULD send a GET to /my.policy with the session cookie, but instead it sends the APM session cookie in a GET, but not to "/my.policy" 
  4. APM responds with this error

To work around this problem, let the browser follow the my.policy redirect and complete the access policy *before* visiting any other URLs.

fredlubrano
Cirrus
Cirrus

Hello Thomas,
first of all, thank you for your prompt response. I am in scenario number 2: my session is in 'pending' status, and I've tried using this iRule, but it results in a 'too many redirects' error. Do you have any suggestions for resolving this issue?
Thanks,
fred

hen HTTP_REQUEST {
    
    if { [HTTP::uri] equals "/register.php" } {
        set landingURI [ACCESS::session data get "session.server.landinguri"]
        set policyResult [ACCESS::session data get "session.policy.result"]


        log local0. "Vérification de l'URI de la requête : URI=[HTTP::uri], Landing URI=$landingURI, Policy Result=$policyResult"


        if { $landingURI equals "/" and $policyResult equals "not_started" and not [HTTP::cookie exists "MRHSession"] } {
            # Supprimez le cookie MRHSession et redirigez
            HTTP::cookie remove "MRHSession"
            HTTP::redirect "/register.php"

          
            log local0. "Redirection effectuée à cause des conditions remplies : Suppression de cookie MRHSession et redirection vers /register.php"
        }
    }
}

fredlubrano_0-1700132944992.png

 



Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

 

 

when HTTP_REQUEST {
    # Log de début
    log local0. "Début de traitement de la requête : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"

    # Vérifiez si l'URI et le referer correspondent à vos critères
    if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
        
        # Vérifiez la valeur de la variable de session F5 APM
        set policyResult [ACCESS::session data get "session.policy.result"]
        log local0. "session.policy.result = $policyResult"

        # Si la variable de session n'est pas 'allow', supprimez les cookies
        if {$policyResult ne "allow"} {
            log local0. "La condition de session APM est remplie. Suppression des cookies."

            # Supprimez les cookies MRHSession et LastMRH_Session
            HTTP::cookie remove "MRHSession"
            HTTP::cookie remove "LastMRH_Session"
        } else {
            log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
        }
    }

    # Log de fin
    log local0. "Fin de traitement de la requête : [HTTP::uri]"
}

 

ksnip_20231119-120637.png

 

OK great! Sounds like you got it worked out.

This is another situation where APM's weird "Landing URI" type session setup and handling is different than a normal web app.