Nimbostratus
AltocumulusHi Sarthak,
You can pass the ASM Device ID as part of HTTP Header to APM.
So basically, it will be three steps process:
1) Insert ASM Device ID to HTTP Header.
Inside your existing ASM iRule, add this code:
when ASM_REQUEST_DONE {
set device_id [ASM::fingerprint]
set ip [IP::client_addr]
log local0. "Device ID: $device_id, IP: $ip"
}
when HTTP_REQUEST_SEND {
clientside {
# Need to force the host header replacement and HTTP:: commands into the clientside context
# as the HTTP_REQUEST_SEND event is in the serverside context
HTTP::header insert "device_id" "$device_id"
}
}
2) Extract Device ID from HTTP Header and set it as a custom variable in APM.
Create a new iRule and call it in your APM policy:
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when ACCESS_SESSION_STARTED {
#push the device id from the HTTP header to the access policy. Below line brings the device_id value from ASM iRule to APM iRule.
set device_id [HTTP::header value "device_id"]
log "http request to [HTTP::uri] with device_id: $device_id"
ACCESS::session data set "session.custom.device_id" "$device_id"
# Above line defines the custom device_id variable for APM session because in APM device_id variable does not exist.
3) Now you can use this new APM session variable in your access policy: [ACCESS::session data get "session.custom.device_id"]
I hope it helps.
Regards