NimbostratusI want to change a variable caught by the APM.
The current var: session.logon.last.domain = local.domain
I want to replace it if the session.logon.last.domain is local.domain to something else
For example:
if session.logon.last.domain = local.domain
then session.logon.last.fqdomain = abc.remote
How do I do that in variable assign in APM VPE?
Hi,
This is done with an iRule, you must map localdomain as the Agent ID within the VPE. You also must attach the iRule to the virtual in the normal fashion.
when ACCESS_POLICY_AGENT_EVENT {
switch [ACCESS::policy agent_id] {
"localdomain" {
do something here
if { [ACCESS::session data get session.logon.last.domain] equals "local.domain" } {
ACCESS::session data set session.logon.last.fqdomain "abc.remote"
}
}
}
}
Cheers,
Kees
MVPHi Noam,
the best way to check and selectively transform the requested APM session variable, is to use a Variable Assign action item in VPE containing some custom TCL code.
Variable Assign Action
set current_domain [mcget {session.logon.last.domain}] ;
if { $current_domain equals "local.domain" } then {
return "abc.remote" ;
} else {
return $current_domain ;
} ;
Note: You can also check the domain name with an branch rule and trigger the variable assign action only if "local.domain" is currently selected. This will eliminate the else part of the expression, but on the other hand may clutter the policy little more. In the end both methods will work out, so its up to you...
Cheers, Kai
CumulonimbusHi,
the code provided by Kai is good and working fine.
I think you can change the other part of the variable assign with regex
if {[regexp {othername:UPN<[^@]+@([^>]+)>} [mcget {session.ssl.cert.x509extension}] UPNFull current_domain]} {
if { $current_domain equals "local.domain" } then {
return "abc.remote" ;
} else {
return $current_domain ;
} ;
} else {return ""}regex is almost every time worse than string compare like equals, but with split, foreach, string first commands, but regex is better than this code.