APM ACCESS::acl eval and dynamic ACLs

Question

Can someone please clarify what is the argument type for the "ACCESS::acl eval" command? Does it take:&nbsp;
Userdefined ACLsDynamic ACLs
Also, will it accapt F5 ACL syntax as used in definitions for dynamic ACLs? (E.g. {allow http any 1.2.3.4 *} etc.)&nbsp;
The use case behind this question is the ability to reload and evaluate complex dynamic ACLs per request in order to apply new ACLs mid session without forcing the user to start a new session.&nbsp;
The "ACCESS::acl eval" command is called through the ACCESS_ACL_ALLOWED and ACCESS_ACL_DENIED events for each request.&nbsp;
Thank you in advance.&nbsp;

ilija_stankovsk · Answer

After a ticket with the F5 support team, it turned out that the "ACCESS::acl eval" can be used to re-evaluate static, user defined ACLs and not dynamic ACLs. Hopefully documentation will be updated in the iRule wiki to show that clearly.&nbsp;
Also a feature request was submitted to expand the scope of the "ACCESS::acl eval" command to also work with dynamic ACLs. Will it ever show up in a release? Time will tell.&nbsp;

Forum Discussion

APM ACCESS::acl eval and dynamic ACLs

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Regex for dynamic URI

BIG-IP to Azure Dynamic IPsec Tunneling

OAuth 2.0 Dynamic Client Registration

APM Network Access, Application Access, ACL

APM Cookbook: Dynamic APM Variables