NiHo_202842
Jun 29, 2015 | Cirrostratus
How to run iRule after access policy
Hello,
I currently have a virtual server that provides access to specific nodes. This is protected with an access policy (AD auth + local check of username in data group by firing this iRule).
I have another iRule that is used to cherry-pick the node based on the URI.
Now, without any access control, this works fine. But when my access policy is enabled, it first executes my node balancing iRule and then my access policy, which is kind of strange.
Any suggestions?
My access policy: https://i.imgur.com/MZJH6y4.png
My iRule user check:
when RULE_INIT {
    # Enable for debugging
    set static::debug 1
    # Name of the data group list for the entries, insert partition if necessary. e.g.; list or /UNIX/list
    set static::datalist "/UNIX/direct-access-list"
}
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "checkdirectaccess" } {
        if { ($static::debug eq 1) } { log local0. "User [ACCESS::session data get "session.logon.last.username"]" }
        # Look up the logged-on username in the data group
        set found [class match -value [ACCESS::session data get "session.logon.last.username"] equals $static::datalist]
        if { !($found eq "") } {
            if { ($static::debug eq 1) } { log local0. "Access granted." }
            return
        } else {
            HTTP::respond 401 content "You are not authorized for access. Contact admin@company.com"
        }
    } else {
        if { ($static::debug eq 1) } { log local0. "Policy Agent ID not found: [ACCESS::policy agent_id]" }
    }
}