Nfordhk_66801
Jun 15, 2015Nimbostratus
iRule using DataGroup to bypass APM Policy
Hi,
We have an APM policy to collect the machine name, set it to our domain, and perform an AD lookup. We have to utilize Datagroups to pre-authorize a few users that do not fall into proper AD groups without moving the computer account.
Our current iRule is below. I've created the datagroup and specified the machine names. I'm trying to create an irule that collects the machine name like normal but, bypasses the APM posture check if defined. If not defined, follow standard policy.
Our APM policy --> Windows Info --> Irule Event --> AD Query --> Allow
when RULE_INIT {
set static::THIS_DOMAIN ".ourdomain.com"
} end rule_init
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "get_computer_name" } {
set computer [string tolower [ACCESS::session data get "session.windows_info_os.last.computer"]]
foreach x [split $computer "|"] {
if { $x ends_with $static::THIS_DOMAIN } {
set machinename [lindex [split $x "."] 0]
ACCESS::session data set session.custom.computer $machinename
return
} end if this_domain
} end set computer
} end ACCESS::policy agent_id
} end access policy agent event