CirrusHey - The Microsoft TMG had a Logoff URI that is appended. How does that convert to the F5 APM. There is a logout URI in the respective policy but it will not take this. Do I need some HTTP forms to handle this, and how do I go about doing it.
"?Cmd=logoff"
CumulonimbusHi,
can you explain what you want?
to logout Access session, you must request /vdesk/hangup.php3
to match the same as screenshot, you can use following code:
when ACCESS_ACL_ALLOWED {
if {[URI::query [HTTP::uri] "Cmd"] equals "logoff"} {
ACCESS::respond 302 noserver Location "/vdesk/hangup.php3"
event disable
TCP::close
return
}
}
CirrusHi Stanislas - Thanks for the response!
Yes, we just want to convert the TMG functionality above to the APM.
Would the iRule below not work better? Wouldn't we want to use
"ACCESS::session remove"when HTTP_REQUEST {
if {[URI::query [HTTP::uri] "Cmd"] equals "logoff"} {
ACCESS::session remove
HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
}
}
The two changes you did are useless
it makes more work on reverse proxy if rewriting is required
even ASM detect absolute URL on the same service as a potential violation.
Cirrusthanks for the additional detail!