Bypass APM login page for internal users

Question

Hi group.  
&nbsp;
I have one virtual server/website that will be accessed by both external and internal users.  This virtual server has an APM profile associated with it that is presenting a login page and is doing basic forms based authentication. &nbsp;
For the external users, I want them to get the APM login page and authenticate...if successful, then be sent to a backend pool.  THIS IS WORKING FINE.&nbsp;
For internal users (coming from RFC1918 networks) I DO NOT want them to see that APM login page, but rather I want the F5 to send those connections directly back to the same backend pool. I'm sure I've seen an iRule for this in the past and I can't seem to find it.  
&nbsp;
Does anyone have an irule that will bypass the APM login page coming from specified networks?&nbsp;
Thanks in advance&nbsp;

stanislas_piro2 · Answer

Hi,
you can use this irule:
when HTTP_REQUEST {
    if { [IP::addr [IP::client_addr]/8 equals 10.0.0.0] or [IP::addr [IP::client_addr]/16 equals 192.168.0.0] or [IP::addr [IP::client_addr]/12 equals 172.16.0.0] } {
        ACCESS::disable
    }
}

if you use a empty box in VPE, it will :
create a Access session URI is stored in landinguriredirect user to /my.policyexecute VPE with empty boxallow user sessionredirect user to the the landinguri previously stored
with this irule, APM will be ignored and the request will go through the virtual server to the pool member without any redirect.

jc_bw · Answer

I've found ACCESS::disable does not work as expected. Even when disable is issued in HTTP_REQUEST the connection proceeds to ACCESS_SESSION_STARTED and gets a session id. Because of that I had to use the VPE to allow internal users to bypass the login page. &nbsp;
Anyone know why this might be or have a similar experience?&nbsp;
BIG-IP 11.6.1HF1&nbsp;

jc_bw_297539 · Answer

I've found ACCESS::disable does not work as expected. Even when disable is issued in HTTP_REQUEST the connection proceeds to ACCESS_SESSION_STARTED and gets a session id. Because of that I had to use the VPE to allow internal users to bypass the login page. &nbsp;
Anyone know why this might be or have a similar experience?&nbsp;
BIG-IP 11.6.1HF1&nbsp;

stanislas_piro2 · Answer

Hi,
I used the ACCESS::disable command on version 11.5.1, 11.5.4, 11.6, 11.6.1, 12.0, 12.1.X, 13.0 and I never had issue with this command.

stanislas_piro2 · Answer

Hi,
I used the ACCESS::disable command on version 11.5.1, 11.5.4, 11.6, 11.6.1, 12.0, 12.1.X, 13.0 and I never had issue with this command.

Forum Discussion

Bypass APM login page for internal users

5 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Bypass Azure Login Page by adding a login hint in the SAML Request

Insufficient permissions BIG-IQ login error

2 internal server vlans

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

Bypass certificate check