ACCESS_ACL_ALLOWED

Description

This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and does not trigger for internal access control URIs (my.policy etc.) This event is a notification to the administrator that a resource request is being allowed to go through in the network.
You can use this event to evaluate custom logic which is not supported natively in an ACL. For example you could further limit the access based on some specific session variables or some rate control or some HTTP/SSL properties of the user.
Administrators can use ACCESS::session commands to get and set session variables in this event or use ACCESS::acl commands to enforce more ACLs in addition to TCP/SSL/HTTP iRule commands.

Examples

Evaluate an additional ACL rule

when ACCESS_ACL_ALLOWED {
      ACCESS::acl eval "additional_acl"
}

Insert a session variable into an HTTP header (the username in this example):
when ACCESS_ACL_ALLOWED {
   set user [ACCESS::session data get "session.logon.last.username"]
   HTTP::header replace "X-USERNAME" $user
}

Place a log entry for each request with the full session ID for troubleshooting
when RULE_INIT {
   set static::ACCESS_LOG_PREFIX  "01490000:7:"
}
when ACCESS_ACL_ALLOWED {
   log -noname accesscontrol.local1.info "$static::ACCESS_LOG_PREFIX [ACCESS::session sid]: [HTTP::method] [HTTP::uri]"
}