Forum Discussion

ehergott_345008's avatar
ehergott_345008
Icon for Nimbostratus rankNimbostratus
Apr 23, 2018

iRule not being called during Access Policy

I require an iRule to pass headers during an access Policy. Within the policy I added an iRule event with the ID APM-REDIR-2. That should call the following iRule:

 

when ACCESS_POLICY_AGENT_EVENT { if { [ACESS:policy agent_id] eq "AMP-REDIR-2" } { set CACUPN [ACCESS::session data get "session.logon.last.upn"] set CACCN [ACCESS::session data get "session.ssl.cert.subject"] HTTP::header insert "CACUPN" $CACUPN HTTP::header insert "CACCN" $CACCN log local0. "LOG INFO: $CACUPN" log local0. "LOG INFO: $CACCN" } }

 

I think my problem is the calling of the iRule. When I test the iRule by adding it to a virtual server and replacing the first two lines with - when ACCESS_ACL_ALLOWED - I can see the log entries, and I see the headers being passed. I cannot see the log entries when I call it in the policy.

 

However, I need to call it in the policy and pass the headers to a pool also assigned during policy. If anyone can see where I am messing up I would appreciate it.

 

1 Reply

  • Smithy's avatar
    Smithy
    Icon for Cirrostratus rankCirrostratus

    The iRule doesn't parse. Also a number of spelling mistakes: APM-REDIR-2 != AMP-REDIR-2

    Try this:

    when ACCESS_POLICY_AGENT_EVENT {
       if { [ACCESS::policy agent_id] eq "APM-REDIR-2" } {
          set CACUPN [ACCESS::session data get "session.logon.last.upn"]
          set CACCN [ACCESS::session data get "session.ssl.cert.subject"]
          HTTP::header insert "CACUPN" $CACUPN
          HTTP::header insert "CACCN" $CACCN
          log local0. "LOG INFO: $CACUPN" log local0. "LOG INFO: $CACCN"
       }
    }