Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

How to make a branch decsision based on HTTP header in an Access Policy?

Hello everyone,
I have to make a branch decision in an Access Policy based on the value in the HTTP header field 'host'. For example, if [HTTP::host] matches foo.example.com a given branch (like passway) should be followed. Otherwise 'fallback' should be used.

I'm not trained in creating iRules and do not know how to make this branch decsision otherwise. It would be great if someone could give an example on which item in the access policy to use and could provide a sample snippet explaining how the above decsision could be made.

Thanks in advance,
Joerg

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

HTTP Host header is already provisioned in a Access variable:

session.server.network.name

You van use this branch expression:

expr { [mcget {session.server.network.name}] == "foo.example.com" }

if you want to collect another HTTP header, don't use iRule Event but this irule code:

when ACCESS_SESSION_STARTED {
    ACCESS::session data set session.custom.myHeader [HTTP::header myHeader]
}

This ACCESS_SESSION_STARTED raise just before Access session redirect to /my.policy

This event is the best time to catch first request content (HTTP headers, URI, query string, HTTP Method, ...)

2
Comments on this Answer
Comment made 1 month ago by JoergK 2

Hi,
Thanks for both of your answers. I was not aware that the host header is already stored in session.server.network.name. So I have chosen the solution from Stanislas.

Thanks,
Joerg

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I don't think you cannot use iRule commands in APM policies only TCL so you will need an iRule.

What you can do is in an iRule set the HTTP Host header to a session variable, in the Policy add the iRule Event with an ID of getHost and add the following iRule.

This will set the a lowercase host header (stripping off any port e.g. :8443) to a session variable named session.custom.host.

when ACCESS_POLICY_AGENT_EVENT {
        switch [ACCESS::policy agent_id] {
            "getHost" {
                ACCESS::session data set session.custom.host [string tolower [getfield [HTTP::host] ":" 1]]
            }
        }
    }

You can then use this session variable value in your branch selection e.g.

expr { [mcget {session.custom.host}] == "foo.example.com" }

Image Text

Image Text

0