Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

APM - hostname evaluation and client authentication

Hello All,

I build a policy that depending of the hostname requested by the client, a client certificate is require or not.

This is the view of my policy :

Image Text

The two boxes "Hostname 2 ways" and "Hostname 1 way" are empty box. Within the box the following expression :

"Hostname 2 ways" : Expression: expr { [mcget {session.network.name}] contains "foo" and contains "test.com"}

"Hostname 1 way" : Expression: expr { [mcget {session.network.name}] contains "bar" and contains "test.com"}

During the test, i have an error message saying that the session couldn't be established.

On the APM report i have the following information :

Access policy result: Logon_Deny

Rule evaluation failed with error: syntax error in expression " [mcget {session.network.name}] cont

Is someone have an idea of what i'm doing wrong ?

Thank you for your help

1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

expr { [mcget {session.network.name}] contains "foo" and contains "test.com"}

is not a good expression

expr { ([mcget {session.network.name}] contains "foo") && ([mcget {session.network.name}] contains "test.com")}

if the domain is test.com, it's better to use ends_with instead of contains

Why do you create 2 boxes for hostname check? you can create a second branch in the first box?

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Stanislas,

Thank you for your reply

I don't have the error message anymore, but it's still not working as i wish, so i will follow your advice about using only one box for hostname check to simplify the policy.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Stanislas,

For the expression

expr { [mcget {session.client.hostname}] contains "HTPA387" }

If i want to allow multiple hostnames, which adding additional branches are not efficient, how can i just add the list of hostnames?

0
Comments on this Answer
Comment made 04-Jun-2018 by youssef 4067

Hi,

If you want to add add list of hostname, you can do this:

expr { [mcget {session.client.hostname}] contains "HTPA387" || [mcget {session.client.hostname}] contains "hostname2" || [mcget {session.client.hostname}] contains "hostname3" }

Regards

0
Comment made 04-Jun-2018 by jkreyes 2

Thanks a lot.

0