Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
Nov 19, 2015

APM Select branch based on URI

Hi DevCentral Community,

 

I am trying to implement the branch selection based on the URI. The user lands on the Logon page, if he clicks on the Password reset link it will be redirected to "/resetpwd" and it will follow the other branch based on the URI. I think that is issue is related to the apm session because the session is created when the user lands on the logon page the apm session is already in place so it will not follow the other branch. If he tries to browse on "/resetpwd" the "Access policy evaluation is already in progress" message is prompted.

 

Please, can you help me to find a workaround for this ?

 

Thanks in advance,

 

M.

 

APM
application delivery
LTM

2 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Nov 19, 2015

    Your session must get to "Allow" or "Redirect + Allow" state in order to pass APM and be allowed to the pool. Watch the logs (/var/log/apm) carefully while you're testing your Access Policy logic.

     

    As you've found, you can't present a link during access policy evaluation to get back into the access policy again, because APM assumes that your session (with the cookie you have) is currently processing and not yet complete. Don't do a link. Instead, just allow the user to get all the way to the end for the "resetpw" case, assign a restrictive ACL that only allows the "resetpw" functionality, and use an allow+redirect ending.

     

    Of course you can get around anything using irules, but for a simple situation like this it would be better to use just access policy items to do it.

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 19, 2015

    Can you try this irule:

    when HTTP_REQUEST {
    set apmsessionid [HTTP::cookie value MRHSession]
   if { ([string tolower [HTTP::path]] equals "/resetpwd")  and ([ACCESS::session exists -state_inprogress $apmsessionid])}{
        ACCESS::session data set session.server.landinguri "/resetpwd"
    }
}