Checking for APM variable existence
I need a conditional action to populate some APM variables into headers. These variables are going to be client-ip, Cert Issuer, Cert Subject, F5-Session ID,F5-Session start time, Cert email. If the user doesn't present a cert - they will still be permitted to pass through to the app, but I'll only send three headers for the info I have - client-ip, APM Session ID, APM session start.
If the user presents a cert, I'll send all five headers: client-ip, Session ID, Session start, Cert Issuer, Cert Subject, Cert email.
Now the trick is that I never want to send empty headers. I find that I can either send three all the time or send five with three empty but I'm having difficulty getting the variable conditional checking to work.
I've tried a few techniques but nothing seems to give me the behaviour I need. I know the variables are there for both access policy paths - but the non cert path should never have an email variable. I was hoping I could simply do something like:
if variable email exists - send all five else send three... looking for any suggestions here
when ACCESS_ACL_ALLOWED {
if { [ACCESS::session exists session.custom.cert.email] } {
[HTTP::header] insert "X-Forwarded-For" [IP:client_addr]
[HTTP::header] insert "X-F5-SessionID" [ACCESS::session sid]
[HTTP::header] insert "X-F5-Session-start" [ACCESS::session data get session.custom.start.time]
[HTTP::header] insert "X-F5-Cert-Issuer" [ACCESS::session data get session.ssl.cert.issuer]
[HTTP::header] insert "X-F5-Cert-Subject" [ACCESS::session data get session.ssl.cert.subject]
[HTTP::header] insert "X-F5-Cert-Subject" [ACCESS::session data get session.custom.cert.email]
return
}
else {
[HTTP::header] insert "X-Forwarded-For" [IP:client_addr]
[HTTP::header] insert "X-F5-SessionID" [ACCESS::session sid]
[HTTP::header] insert "X-F5-Session-start" [ACCESS::session data get session.custom.start.time]
}
}