Enable APM on Specific URI only and Force OTP
Hi All,
I am trying to selectively enable APM policy processing on a SharePoint subsite. Basically what I want to do is authentication and OTP enforcement on a subsite of SharePoint. I created the following iRule, which seems to work for the initial spawning of the F5 Logon page. After log on I get a "page cannot be displayed" error. After removing the iRule I am able to log on and get the OTP working but....
I only want the OTP and authentication offload for a specific subsite. Removing the iRule makes all traffic go via APM. I created a Landing URI selection in the policy in which I only route traffic for the specific URI through a macro that does the authentication and OTP part. All other traffic not destined for the specific URI is allowed to go through directly via an Allow ending.
The problem is that users can go to the top-level site first and do a direct logon to SharePoint there. APM treats this traffic as allowed because of my Allow ending and sets the APM cookies. When users go to the specific subsite in the same browser session they will not be asked to enter their credentials and OTP because APM detects the cookie that was set when the user browsed the top-level site. I can't block or ask OTP access to the top-level site and all other subsites because of the nature of the sites running on that farm. I tried the following iRule:
when HTTP_REQUEST {
    # Check the requested HTTP path
    switch -glob [string tolower [HTTP::path]] {
        "/myuri*" {
            # Enable APM for this path
            ACCESS::enable
        }
        default {
            # Disable APM all others
            ACCESS::disable
        }
    }
}
Hopefully you all have a better and functioning way to get this right...
Kind regards,
Martijn
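
One possible variant of the iRule above, as an added example that is not part of the original post. It assumes the failure after logon comes from APM's own URIs (for example /my.policy, where the browser is sent for policy evaluation) matching the default branch and being passed to SharePoint with APM disabled; the list of APM-internal paths is an assumption to verify against the BIG-IP version in use.

```tcl
# Added example, not the poster's code.
# Assumption: the APM-internal paths below are the ones used by the
# logon flow on this BIG-IP version; adjust the list after checking
# which URIs the browser requests during logon.
when HTTP_REQUEST {
    # Lower-case the path once so every pattern can be written in lower case
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/myuri*" {
            # Protected subsite: always run the access policy
            # (authentication and OTP macro)
            ACCESS::enable
        }
        "/my.policy" -
        "/my.logout.php3*" -
        "/vdesk/*" -
        "/public/*" {
            # URIs that APM itself serves during logon, policy
            # evaluation and logout. With APM disabled they would be
            # forwarded to SharePoint, which has no such pages.
            ACCESS::enable
        }
        default {
            # Top-level site and all other subsites bypass APM, so
            # browsing them first never creates an APM session that
            # could later be reused for /myuri
            ACCESS::disable
        }
    }
}
```

If SharePoint itself publishes content under one of the listed paths (for instance a /public/ site), that pattern needs to be narrowed so the content is not pulled into the access policy.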