Forum Discussion
7 Replies
- JoeTheFifthAltostratus
I have an irule which triggers an access policy based on a condition => $EnableAPMPolicy equals 1
when HTTP_REQUEST { ACCESS::disable if { $EnableAPMPolicy equals 1 } { ACCESS::enable }
}
So by default I set ACCESS::disable in the HTTP_REQUEST. This was preventing IE from getting the username variable somehow. I added a condition which only calls ACCESS:disable if $PolicyEnabled = 0 Now IE is happy and variable is passed along.
when HTTP_REQUEST { if { $EnableAPMPolicy equals 0 } { ACCESS::disable } if { $EnableAPMPolicy equals 1 } { ACCESS::enable }
}
- JoeTheFifthAltostratus
After some tests this configuration interferes with office web apps. I have to keep the access:disable by default. Anyone know why this prevents IE from passing the session variable in APM?
- Stanislas_Piro2Cumulonimbus
Is this configuration enabled on the same VS you applied APM Sharepoint Authentication code?
If Yes, I recommend to use version 2 of the code which allow you to manage APM disable in the first HTTP_REQUEST event (lines 50-97).
don't create another irule but edit this one to manage Authentication.
I guess you can manage office web apps by Host header to disable APM.
- JoeTheFifthAltostratus
This issue is becoming very serious now. I have confirmed two configurations where IE11 does not work:
Config A: 1. You have a VS with an APM Policy starting with a logon page, a message box to show the username entered in the logon page and an ldap or ad auth.
- You add an irule on this VS with an Access::disable in the beginning of the http_request and an Access:Enable only if some condition is met.
In this case apm shows an empty value in the user name and of course password is empty too. If you remove the access:disable IE does capture and transfer the username/password.
Config B:
- You create 2 VSs
- On first VS add an irule with a redirect to the second VS if some condition is met.
- You add an APM policy to the second VS, same VPE => logon page, messagebox, auth.
In this case IE does not work.
In both configs Chrome and Firefox work fine.
I have found some info here and there about APM/IE blank values: https://support.f5.com/csp/article/K04732437 https://support.f5.com/csp/article/K16109
Anyone to test/confirm or offer a solution/bypass? Thanks.
- JoeTheFifthAltostratus
So solution was to use this command to clean IE cache during my tests:
rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351