Forum Discussion

Kevin_Gay_24864
May 02, 2019

Specify Access Policy in LTM iRule

We have more domain names than external IPs, so I've created a general VS and do a switch on the hostname and route to the correct backend pools for those services.

What I'm running into is that on some of these hosts I need to have a specific access policy triggered when a certain hostname is hit. The flow needs to go VS -> iRule -> Access Policy Specification -> Pool/Resource Assignment, not VS -> Access policy -> iRule -> pool/resource assignment.

pseudo code example:

 

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "host1.company.local" {
            pool host1_pool
        }
        "host2.company.local" {
            pool host2_pool
        }
        "host3.company.local" {
            # pseudocode: ACCESS:enable /Common/host3_apm (the crux of it all)
        }
    }
}

 

I've tried the example for the ACCESS::policy evaluate, but that always fails the evaluation. The access policy I'm using is a logon page with basic RADIUS auth. I can't find anything in any documentation on how to accomplish this.

Reasons I'm doing it this way:

There are 30+ hosts in this iRule and VS; I can't put an access policy on the VS without breaking a lot of things.

Don't want to burn an external IP for an app that .01% of company will use.

Things I've considered:

Set up the access policy on the VS anyway; the first part of the policy would be to evaluate the iRule referenced above and do nothing unless it's this one specific hostname.

Set up a new VS with the access policy, then make a pool of that new VS and go from there. It would flow like ExistingVS -> iRule -> pool -> NewVS_with_AccessPolicy -> AccessPolicy -> ResourceAssignment_to_Actual_Webserver. This one leaves me with a bad taste though.
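
The first option considered above, written as an iRule; this is an added example, not code from the original post. It assumes the access profile (/Common/host3_apm in the post) is attached to the shared virtual server, and it calls ACCESS::disable only for explicitly listed hostnames, so an unlisted or malformed Host header stays behind the access policy.

```tcl
when HTTP_REQUEST {
    # Normalise the Host header: drop any ":port" suffix and lowercase it,
    # so "HOST1.company.local:443" matches the same branch as the plain name.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "host1.company.local" {
            # No authentication wanted here: skip access policy enforcement
            # for this request and route straight to the pool.
            ACCESS::disable
            pool host1_pool
        }
        "host2.company.local" {
            ACCESS::disable
            pool host2_pool
        }
        "host3.company.local" {
            # Leave access enabled: the access profile attached to the
            # virtual server (logon page + RADIUS in the post) runs, and
            # resource assignment happens from the policy.
        }
        default {
            # Unknown hostname: do NOT disable access. Failing closed means
            # a new or mistyped hostname is never exposed without the policy.
        }
    }
}
```

Because the exemption is an allowlist, each of the 30+ existing hosts needs its own ACCESS::disable branch before the profile is attached to the virtual server.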