Forum Discussion

Annsar_Akhtar's avatar
Annsar_Akhtar
Icon for Nimbostratus rankNimbostratus
Sep 17, 2017

APM, How to query custom header before routing to Logon Portal

Hi All

 

I am new to APM and setting up a POC to present a logon page, I have been able to set up a basic Access Policy but need to now look at only presenting the logon page to external users and not internal users.

 

I know this possible with a branch rule however the site is hosted via a CDN so internal users also present themselves via an external ip, a custom header is inserted by the CDN which captures the client ip in a custom header.

 

I am want to query the custom header and if matches a known ip address don't present the logon.Being new to APM I have had a read through the forums and not tracked down the best way to approach this.

 

Any suggestions would be welcome

 

APM
application delivery
iRules

3 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 17, 2017

    Hi,

     

    you can use following irule to create a session variable with IP address in header:

     

    when ACCESS_SESSION_STARTED {
    ACCESS::session data set session.custom.CDN_client_IP [HTTP::header "X-Forwarded-For"]
}

    then, create a branch rule filtering on this variable

     

    if you want to disable APM when client IP is internal, you can use following code

     

    when HTTP_REQUEST {
    if {[IP::addr [HTTP::header "X-Forwarded-For"] equals "1.1.1.0/24"]} {
        APM::disable
    }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 18, 2017

    ACCESS::disable is only working in LTM+APM mode!

     

    Yes, you can configure the branch with advanced expression.

     

    You can configure the expression in first tab then change variable name in second tab!

     

  • Annsar_Akhtar's avatar
    Annsar_Akhtar
    Icon for Nimbostratus rankNimbostratus
    Sep 18, 2017

    Thanks for your help, I have managed to get it working using the branch filter.

     

    Thanks again