Forum Discussion

Steve_245's avatar
Steve_245
Icon for Nimbostratus rankNimbostratus
Sep 14, 2018

APM Deep Linking iRule Help

We are running APM v12.1.3; VCMP guest, two active-standby clusters. APM is internet facing and uses portal access to send traffic to internal application/web servers. Right now we just have a single virtual server with the access policy applied. As this is already in production I would prefer to keep it that way, but if needed will consider other options.

Employees are given links with https://employeeaccesspage.com/insert/deep/link/here. This http host/domain will have a CNAME to a DNS entry that resolves to a WideIP for our APM virutal servers and get the login page. At this point there is the standard APM redirect to /my.policy...normal operation. We can get the original host from the variable "session.server.network.name' and the original URI from the variable "session.server.landinguri". What I want to do is that when the access policy completes and they are presented with the webtop either redirect their page to the deep link destination or open a new tab still being rewritten/proxied by APM to the deep link destination.

Here is what I have so far.

when HTTP_REQUEST {
set http_host [ACCESS::session data get session.server.network.name]
set http_uri [ACCESS::session data get session.server.landinguri]
log local0. "Requested Host is $http_host"
log local0. "Requested URI is $http_uri"
switch -glob [string tolower $http_uri] {
    "**" { 
        set redirect 1
        ACCESS::session data set session.custom.link $redirect 
        log local0. "$redirect : $http_uri"
    }
    "**" { 
        set redirect 1
        ACCESS::session data set session.custom.link $redirect 
        log local0. "$redirect : $http_uri"
    }
}
}

when ACCESS_POLICY_COMPLETED {
log local0. "Policy Completed"
set http_host [ACCESS::session data get session.server.network.name]
set http_uri [ACCESS::session data get session.server.landinguri]
set redirect [ACCESS::session data get session.custom.link]    
log local0. "ACL Event: $redirect : $http_uri"
if { $redirect } {
    switch -glob [string tolower $http_uri] {
        "**" { 
            HTTP::redirect "https://$http_host/f5-w-$$/$http_uri" 
            log local0. "Redirect Concluded for $http_host" 
        }
        "**" { 
            HTTP::redirect "https://$http_host/f5-w-$$/$http_uri" 
            log local0. "Redirect Concluded for $http_host" 
        }
    }
}
   HEX/ASCII hash for internal hosts would be hard coded at this time
   we only want this to work for certain internal platforms
   and do not want that to be done programmatically
}

I receive this error in the LTM logs, APM deletes the session and I am returned to the login page (/my.policy):

Sep 14 08:15:38 hostname err tmm[18859]: 01220001:3: TCL error: /Common/Deep_Linking  - Illegal argument. Can't execute in the current context. (line 7)     invoked from within "HTTP::redirect "https://$http_host/f5-w-$$/$http_uri" "     ("**" arm line 2)     invoked from within "switch -glob [string tolower $http_uri] {             "**" {                  HTTP::redirect "https://$http_host/f5-w-


These two articles look like they contain what I probably need to make this work, but I'm unsure of how to integrate them and get this working. Please help.
Webtop Deeplink
APM Second Browser After Webtop Launch
APM
application delivery
deep linking
irule
iRules
portal access