ACCESS_ACL_ALLOWED
Description
This event is triggered when a resource request passes the access
control criteria and is allowed to go through the ACCESS filter. It is
triggered only for resource requests and not for internal access
control URIs (my.policy, etc.).

This event is a notification to the administrator that a resource
request is being allowed to go through in the network.

You can use this event to evaluate custom logic that is not supported
natively in an ACL. For example, you could further limit access based
on specific session variables, rate control, or HTTP/SSL properties of
the user.

In this event, administrators can use ACCESS::session commands to get
and set session variables, or ACCESS::acl commands to enforce
additional ACLs, in addition to the TCP/SSL/HTTP iRule commands.
Examples
Evaluate an additional ACL rule:
when ACCESS_ACL_ALLOWED {
    ACCESS::acl eval "additional_acl"
}
Insert a session variable into an HTTP header (the username in this
example):
when ACCESS_ACL_ALLOWED {
    set user [ACCESS::session data get "session.logon.last.username"]
    HTTP::header replace "X-USERNAME" $user
}
Place a log entry for each request with the full session ID for
troubleshooting:
when RULE_INIT {
    set static::ACCESS_LOG_PREFIX "01490000:7:"
}
when ACCESS_ACL_ALLOWED {
    log -noname accesscontrol.local1.info "$static::ACCESS_LOG_PREFIX [ACCESS::session sid]: [HTTP::method] [HTTP::uri]"
}
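
Limit access further based on a session variable, as the description suggests. This is an added example, not part of the original page or F5's own code. It assumes the access policy runs an AD Query so that session.ad.last.attr.memberOf is populated; the path and group DN are constructed placeholders.

```tcl
# Added example (not from the original page).
# Assumptions: the access policy runs an AD Query, so
# session.ad.last.attr.memberOf is populated; the path and group DN
# below are constructed placeholders.
when RULE_INIT {
    set static::restricted_path "/admin"
    set static::required_group "CN=AppAdmins,OU=Groups,DC=example,DC=com"
}
when ACCESS_ACL_ALLOWED {
    # Decode and lowercase the path so /%41dmin and /ADMIN are matched too.
    set path [string tolower [URI::decode [HTTP::path]]]
    if { !($path starts_with $static::restricted_path) } {
        # Not a restricted resource: leave the ACL decision as it is.
        return
    }
    # An unset session variable yields an empty string, which fails the
    # check below, so a missing attribute denies rather than allows.
    set groups [ACCESS::session data get "session.ad.last.attr.memberOf"]
    if { $groups contains $static::required_group } {
        return
    }
    # The ACL allowed the request, but the extra condition did not hold:
    # record it with the session ID and answer with a 403.
    log -noname accesscontrol.local1.info "01490000:7: [ACCESS::session sid]: blocked [HTTP::method] [HTTP::uri] (missing group)"
    ACCESS::respond 403 content "Forbidden" Connection close
}
```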