ACCESS::restrict_irule_events
Description
During access policy execution, ACCESS creates requests to various
URIs related to access policy processing. These include
/my.policy and other pages (logon, message box, etc.) shown to the end
user. By default from 11.0.0 onward, HTTP and higher layer iRule
events are not raised for the internal access control URIs. All events
except ACCESS_SESSION_STARTED, ACCESS_SESSION_CLOSED,
ACCESS_POLICY_AGENT_EVENT, and ACCESS_POLICY_COMPLETED are blocked (not
raised) for internal access control URIs.
This command allows the admin to override the default behavior.
ACCESS::restrict_irule_events disable
Disables the default behavior, so that HTTP and higher layer iRule
events are raised for the internal access control URIs. The admin
can use this to handle these URIs in their iRules if needed. Please
note that changing processing for these internal URIs can interfere
with the access policy.
The scope of this command is per flow. Once enabled for a flow, all
subsequent internal access control URI requests will have events
raised during processing.
Examples
This iRule allows a customer to hide some error pages from the
end user. For example, the Invalid SID error page is shown by
redirecting the user to /my.logout.php3?errorcode=19. In one case, a user
hits this error URL after bookmarking /my.policy instead of the
root, and APM responds with “you have an invalid session, click here to
log in”. The admin can change that and simply 302 the user back to /. A
redirect to “/” with an invalid SID starts a new session.
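    when CLIENT_ACCEPTED {
        # Raise HTTP and higher layer events for internal access
        # control URIs on this flow.
        ACCESS::restrict_irule_events disable
    }
    when HTTP_REQUEST {
        # Replace the Invalid SID error page with a redirect to the root.
        if { [HTTP::uri] ends_with "/my.logout.php3?errorcode=19" } {
            HTTP::redirect "/"
        }
    }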
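
Because the command is scoped per flow and handling internal URIs can interfere with the access policy, the change can be validated on a single test client first. The following is an added example, not part of the original page or F5's own code: it turns the events on only for one client and logs what it handles. The address 192.0.2.10 and the variable name apm_events_enabled are assumptions for illustration.

```tcl
when CLIENT_ACCEPTED {
    # Hypothetical per-connection flag; defaults to the restricted behavior.
    set apm_events_enabled 0

    # The command applies per flow, so only connections from the test
    # client (192.0.2.10 is a constructed address) get HTTP events for
    # the internal access control URIs.
    if { [IP::addr [IP::client_addr] equals 192.0.2.10] } {
        ACCESS::restrict_irule_events disable
        set apm_events_enabled 1
    }
}

when HTTP_REQUEST {
    # Flows that did not opt in are left alone by this rule.
    if { !$apm_events_enabled } { return }

    switch -- [HTTP::path] {
        "/my.logout.php3" {
            # Match path and query exactly so that only the Invalid SID
            # page is replaced; other logout and error codes keep the
            # standard APM handling.
            if { [HTTP::query] eq "errorcode=19" } {
                log local0.notice "APM invalid SID page for [IP::client_addr], redirecting to /"
                HTTP::redirect "/"
            }
        }
        "/my.policy" {
            # Observe only: confirms the event is raised for this flow
            # without changing access policy processing.
            log local0.info "APM internal URI [HTTP::method] [HTTP::uri] from [IP::client_addr]"
        }
    }
}
```

Once the log entries confirm that only the intended URI is touched, the client address check can be widened or removed.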