Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Custom APM Logon page Access policy evaluation is already in progress for your current session

Go to solution
fredlubrano
Cirrus
Cirrus

‎14-Nov-2023 09:09 - edited ‎14-Nov-2023 09:47

Hello,

I am trying to solve a problem as I am blocked by the following message,

When I click on the link '<p>Please register <a href='/register.php'>here</a> if you don't have an account yet.</p>'.":

'Access policy evaluation is already in progress for your current session.'

I have tried several solutions, but to no avail. I am considering implementing this solution: https://community.f5.com/t5/technical-forum/big-ip-16-0-apm-logon-page-and-href-links/m-p/236761. Does anyone have a suggestion?

Thank you, Fred.

 

define(["require", "exports", "tslib", "module", "apmui/page/logon/View"], function (require, exports, tslib_1, module, View_1) {
    "use strict";
    Object.defineProperty(exports, "__esModule", { value: true });
    requirejs.config({
        map: {
            'apmui/master/View': {
                'apmui/page/logon/View': module.id,
            },
        },
    });
    /* Replacement View component */
    var CustomLogonView = /** @class */ (function (_super) {
        tslib_1.__extends(CustomLogonView, _super);
        function CustomLogonView() {
            return _super !== null && _super.apply(this, arguments) || this;
        }
        CustomLogonView.prototype.componentDidMount = function () {
            _super.prototype.componentDidMount.call(this);
 
            var content = document.getElementsByClassName('apmui-content')[0];
            
            var message = document.createElement('div');
            message.style.cssText = 'max-width: 400px; width: 100%; padding-top: 20px;';
            message.id = "message";
            message.innerHTML = '<p>Please register <a href=\'/register.php\'>here</a> if you don\'t have an account yet.</p>';
            content.appendChild(message);
            
 
        };
        return CustomLogonView;
    }(View_1.default));
    exports.default = CustomLogonView;
});

 

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
fredlubrano
Cirrus
Cirrus
In response to fredlubrano

‎19-Nov-2023 03:16 - edited ‎19-Nov-2023 03:40

Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

 

 

when HTTP_REQUEST {
    # Log de début
    log local0. "Début de traitement de la requête : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"

    # Vérifiez si l'URI et le referer correspondent à vos critères
    if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
        
        # Vérifiez la valeur de la variable de session F5 APM
        set policyResult [ACCESS::session data get "session.policy.result"]
        log local0. "session.policy.result = $policyResult"

        # Si la variable de session n'est pas 'allow', supprimez les cookies
        if {$policyResult ne "allow"} {
            log local0. "La condition de session APM est remplie. Suppression des cookies."

            # Supprimez les cookies MRHSession et LastMRH_Session
            HTTP::cookie remove "MRHSession"
            HTTP::cookie remove "LastMRH_Session"
        } else {
            log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
        }
    }

    # Log de fin
    log local0. "Fin de traitement de la requête : [HTTP::uri]"
}

 

ksnip_20231119-120637.png

 

View solution in original post

4 REPLIES 4

Go to solution
Lucas_Thompson
F5 Employee
F5 Employee

‎15-Nov-2023 11:42

That error happens in this situation:

  1. A user visits an APM-protected URL
  2. APM creates a session and sent the session cookie in a 302 redirect to "/my.policy"
    The session is now in "pending" state and is waiting for POSTs to /my.policy to continue moving through the policy
  3. The user's browser SHOULD send a GET to /my.policy with the session cookie, but instead it sends the APM session cookie in a GET, but not to "/my.policy" 
  4. APM responds with this error

To work around this problem, let the browser follow the my.policy redirect and complete the access policy *before* visiting any other URLs.

Go to solution
fredlubrano
Cirrus
Cirrus

‎16-Nov-2023 03:20

Hello Thomas,
first of all, thank you for your prompt response. I am in scenario number 2: my session is in 'pending' status, and I've tried using this iRule, but it results in a 'too many redirects' error. Do you have any suggestions for resolving this issue?
Thanks,
fred

hen HTTP_REQUEST {
    
    if { [HTTP::uri] equals "/register.php" } {
        set landingURI [ACCESS::session data get "session.server.landinguri"]
        set policyResult [ACCESS::session data get "session.policy.result"]


        log local0. "Vérification de l'URI de la requête : URI=[HTTP::uri], Landing URI=$landingURI, Policy Result=$policyResult"


        if { $landingURI equals "/" and $policyResult equals "not_started" and not [HTTP::cookie exists "MRHSession"] } {
            # Supprimez le cookie MRHSession et redirigez
            HTTP::cookie remove "MRHSession"
            HTTP::redirect "/register.php"

          
            log local0. "Redirection effectuée à cause des conditions remplies : Suppression de cookie MRHSession et redirection vers /register.php"
        }
    }
}

fredlubrano_0-1700132944992.png

 



0 Kudos

Go to solution
fredlubrano
Cirrus
Cirrus
In response to fredlubrano

‎19-Nov-2023 03:16 - edited ‎19-Nov-2023 03:40

Hello, I think I need to take a vacation 🙂 It's just a small irule and a landing URI issue. Fred.

 

 

when HTTP_REQUEST {
    # Log de début
    log local0. "Début de traitement de la requête : [HTTP::uri] avec le referer : [HTTP::header "Referer"]"

    # Vérifiez si l'URI et le referer correspondent à vos critères
    if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } {
        
        # Vérifiez la valeur de la variable de session F5 APM
        set policyResult [ACCESS::session data get "session.policy.result"]
        log local0. "session.policy.result = $policyResult"

        # Si la variable de session n'est pas 'allow', supprimez les cookies
        if {$policyResult ne "allow"} {
            log local0. "La condition de session APM est remplie. Suppression des cookies."

            # Supprimez les cookies MRHSession et LastMRH_Session
            HTTP::cookie remove "MRHSession"
            HTTP::cookie remove "LastMRH_Session"
        } else {
            log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimés."
        }
    }

    # Log de fin
    log local0. "Fin de traitement de la requête : [HTTP::uri]"
}

 

ksnip_20231119-120637.png

 

Go to solution
Lucas_Thompson
F5 Employee
F5 Employee
In response to fredlubrano

‎20-Nov-2023 09:18

OK great! Sounds like you got it worked out.

This is another situation where APM's weird "Landing URI" type session setup and handling is different than a normal web app.

0 Kudos
Copyright © 2023 Khoros, LLC