Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

APM Deep Linking iRule Help

We are running APM v12.1.3; VCMP guest, two active-standby clusters. APM is internet facing and uses portal access to send traffic to internal application/web servers. Right now we just have a single virtual server with the access policy applied. As this is already in production I would prefer to keep it that way, but if needed will consider other options.

Employees are given links with https://employeeaccesspage.com/insert/deep/link/here. This http host/domain will have a CNAME to a DNS entry that resolves to a WideIP for our APM virutal servers and get the login page. At this point there is the standard APM redirect to /my.policy...normal operation. We can get the original host from the variable "session.server.network.name' and the original URI from the variable "session.server.landinguri". What I want to do is that when the access policy completes and they are presented with the webtop either redirect their page to the deep link destination or open a new tab still being rewritten/proxied by APM to the deep link destination.

Here is what I have so far.

when HTTP_REQUEST {
set http_host [ACCESS::session data get session.server.network.name]
set http_uri [ACCESS::session data get session.server.landinguri]
log local0. "Requested Host is $http_host"
log local0. "Requested URI is $http_uri"
switch -glob [string tolower $http_uri] {
    "*<uniquestringforapp>*" { 
        set redirect 1
        ACCESS::session data set session.custom.link $redirect 
        log local0. "$redirect : $http_uri"
    }
    "*<nextappuri>*" { 
        set redirect 1
        ACCESS::session data set session.custom.link $redirect 
        log local0. "$redirect : $http_uri"
    }
}
}

when ACCESS_POLICY_COMPLETED {
log local0. "Policy Completed"
set http_host [ACCESS::session data get session.server.network.name]
set http_uri [ACCESS::session data get session.server.landinguri]
set redirect [ACCESS::session data get session.custom.link]    
log local0. "ACL Event: $redirect : $http_uri"
if { $redirect } {
    switch -glob [string tolower $http_uri] {
        "*<uniquestringforapp>*" { 
            HTTP::redirect "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host>$$/$http_uri" 
            log local0. "Redirect Concluded for $http_host" 
        }
        "*<nextappuri>*" { 
            HTTP::redirect "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host>$$/$http_uri" 
            log local0. "Redirect Concluded for $http_host" 
        }
    }
}
#   HEX/ASCII hash for internal hosts would be hard coded at this time
#   we only want this to work for certain internal platforms
#   and do not want that to be done programmatically
}

I receive this error in the LTM logs, APM deletes the session and I am returned to the login page (/my.policy):

Sep 14 08:15:38 hostname err tmm[18859]: 01220001:3: TCL error: /Common/Deep_Linking <ACCESS_POLICY_COMPLETED> - Illegal argument. Can't execute in the current context. (line 7)     invoked from within "HTTP::redirect "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host>$$/$http_uri" "     ("*<exampleuri>*" arm line 2)     invoked from within "switch -glob [string tolower $http_uri] {             "*<exampleuri>*" {                  HTTP::redirect "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host..."

These two articles look like they contain what I probably need to make this work, but I'm unsure of how to integrate them and get this working. Please help.

Webtop Deeplink

APM Second Browser After Webtop Launch

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In Access events, replace HTTP::redirect with ACCESS::redirect

0
Comments on this Answer
Comment made 5 days ago by Steve_245 123

I get an undefined procedure: ACCESS::redirect when trying this. I've tried with brackets around it and without.

0
Comment made 5 days ago by Stanislas Piron 9065

instead of redirect, you can try to write this variable:

ACCESS::session data set session.policy.result.start_uri "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host>$$/$http_uri"
0
Comment made 5 days ago by Stanislas Piron 9065

Sorry,

the command ACCESS::redirect doesn't exist... the command is

 ACCESS::respond 302 Location "https://$http_host/f5-w-<HEX/ASCII_hash_of_internal_host>$$/$http_uri"
0
Comment made 5 days ago by Steve_245 123

This appears to work. Will need to do more testing with some different URIs, but I am no longer receiving the LTM log error/APM session delete, and I am getting to the correct URI/destination. Thank you very much for the help.

0
Comment made 5 days ago by Stanislas Piron 9065

which solution did you use? Access respond or setting variable session.policy.result.start_uri

don't forget to mark the answer as the solution ;-)

0
Comment made 5 days ago by Steve_245 123

I used the ACCESS::respond. I will mark it after I do some more testing.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

look at this question about hostname text to hex encoding

https://devcentral.f5.com/questions/direct-link-through-a-portal-access-

0
Comments on this Answer
Comment made 5 days ago by Steve_245 123

The hyperlink didn't include the trailing hyphen, but I found that article. It looks useful. I will try to see if I can integrate it.

0
Comment made 5 days ago by Stanislas Piron 9065

link corrected... the final dash was out of the link address

0