Forum Discussion
Kevin_Stewart
Sep 14, 2012Employee
ACCESS_POLICY_AGENT_EVENT is regular event, so the following works:
when ACCESS_POLICY_AGENT_EVENT {
log local0. "do something..."
}
To amplify Eric's comments though, this event can actually be triggered multiple times inside the access policy. That's why you need to do the ACCESS::session agent_id check to make sure you're processing the right stuff at the right time. Now as far as pooling based on URI, understand that while the connection is inside the access policy process, no traffic is going to the application. There are potentially several 302 redirects that occur before the final redirect back to the application URI signalling the end of the policy. So you need to wait until after the access policy has completed. Probably one of the easiest places to do that is in the ACCESS_ACL_ALLOWED event, which fires on every request AFTER the policy has been completed.