Forum Discussion

Nimbostratus

Jun 14, 2012

APM support for web services

I have setup APM to perform certificate authentication and use LDAP query to check the user assigned with the certificate is a valid user. The client certificate authentication comes with LTM does no...

Nimbostratus

Jun 14, 2012

APM is obviously intended out of the box to support clients that support javascript, cookies etc.

There are definitely ways to do what you want, but it's going to be more than just bypassing the client check... you are also going to have to manually perform the cookie insertion that the APM automatically does to identify a user flow. We do this now for some of the in built iRules used for Microsoft Exchange clients like ActiveSync & Outlook Anywhere.

The basic principal in achieving this is to insert a HTTP header as such:

HTTP::header insert "clientless-mode" 1

This will force APM to bypass the logon page, and should continue with the SSL certificate check. You'll then need to form your own MRHSession cookie which is what the APM uses to track a valid user session.

Take a look at the system iRule _sys_APM_ExchangeSupport_main, which has been designed to perform this task. This uses a md5 hash of some TCL variables to form the MRHSession cookie which should be sufficient to uniquely identify the user session.

Forum Discussion

APM support for web services

Recent Discussions

iRule condition - request contains more than 10000 parameters

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Support and Help for DevCentral and Offline Contact

Kubernetes architecture options with F5 Distributed Cloud Services

Is f5-service-discovery-1.0.0-1.noarch.rpm still supported?

Cipher Suites Supported (12.1.5.3)

Getting Started with F5 Distributed Cloud Managed Services