Forum Discussion

ehergott_345008's avatar
ehergott_345008
Icon for Nimbostratus rankNimbostratus
Mar 23, 2018

Limit access to a virtual server only when resource selected on WebTop

I have a policy for users to use a WebTop in order to access resources. In a few cases the portal-access method was not working because of some Java intensive websites. To work around this I created virtual servers with an assigned pool to the resource, and then added a WebTop link to the virtual server to the WebTop.

 

It works, but I need to prevent someone from simply going to the virtual server directly without first using the policy. First thought was through an iRule looking for the MRHSession cookie. The iRule is:

 

when HTTP_REQUEST { if { not [HTTP::cookie exists "MRHSession" ] } { reject } }

 

This works when applied to the virtual server. However, due to inconsistencies of users and their handling of cookies I have ran into problems. So I am researching other methods.

 

If anyone has any ideas on how to Enforce policy completion for access to a virtual server I would appreciate it.

 

1 Reply

  • The best practice is to

     

    • use multi domain sso
    • create one ACL related to web top link
    • assign it with webtop link Assign a drop all ACL to any users with ACL order value higher than all other ACL
    • assign access policy to virtual server