Wiki: iRules API


iRules commands and events for working with the LTM Access Policy Manager module.


  • ACCESS::acl - Poll or enforce ACLs in your connections
  • ACCESS::disable - Control enforcement for a particular request URI
  • ACCESS::enable - enables the access control enforcement for a particular request URI
  • ACCESS::log - logs a message using APM logging framework
  • ACCESS::oauth - returns a JSON Web Signature token
  • ACCESS::perflow - String of perflow variable; empty if value isn't set
  • ACCESS::policy - Return information about access policies
  • ACCESS::respond - This command generates new respond and automatically overrides the default respond.
  • ACCESS::restrict_irule_events - Enable or disable HTTP and higher layer iRule events for the internal APM access control URIs
  • ACCESS::session - Access or manipulate session information.
  • ACCESS::user - Returns user ID information
  • ACCESS::uuid - enumerates the session IDs that belongs to a specified uuid key by the order of its creation and provides them in a Tcl list
  • WEBSSO::disable - Forwards a request without doing SSO processing on it.
  • WEBSSO::enable - Causes APM to do the SSO processing on a request.
  • WEBSSO::select - Use specified SSO configuration object to do SSO for the HTTP request


  • ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and ...
  • ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
  • ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
  • ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
  • ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly. timeout or if terminated explicitly by admin.
  • ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user's source IP. browser capabiliti...
  • REWRITE_REQUEST_DONE - always triggered after the ACCESS_ACL_ALLOWED event when a Portal Access resource is accessed.
  • REWRITE_RESPONSE_DONE - only trigged when the REWRITE_REQUEST_DONE event calls REWRITE::post_process on.