iRules commands and events for working with the LTM Access Policy Manager module.


  • ACCESS::acl - Poll or enforce ACLs in your connections
  • ACCESS::disable - Control enforcement for a particular request URI
  • ACCESS::enable - enables the access control enforcement for a particular request URI
  • ACCESS::flowid - set/get the flow id for SSL Orchestrator using APM logging framework
  • ACCESS::log - logs a message using APM logging framework
  • ACCESS::oauth - returns a JSON Web Signature token
  • ACCESS::perflow - String of perflow variable; empty if value isn’t set
  • ACCESS::policy - Return information about access policies
  • ACCESS::respond - This command generates new respond and automatically overrides the default respond.
  • ACCESS::restrict_irule_events - Enable or disable HTTP and higher layer iRule events for the internal APM access control URIs
  • ACCESS::saml - allows you to retrieve or manipulate SAML related messages
  • ACCESS::session - Access or manipulate session information.
  • ACCESS::user - Returns user ID information
  • ACCESS::uuid - enumerates the session IDs that belongs to a specified uuid key by the order of its creation and provides them in a Tcl list
  • ACCESS2::access2_proc - return the TCL procedure registered for currently executing per-request policy expression.
  • WEBSSO::disable - Forwards a request without doing SSO processing on it.
  • WEBSSO::enable - Causes APM to do the SSO processing on a request.
  • WEBSSO::select - Use specified SSO configuration object to do SSO for the HTTP request


  • ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and …
  • ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
  • ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
  • ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
  • ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly. timeout or if terminated explicitly by admin.
  • ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user’s source IP. browser capabiliti…
  • REWRITE_REQUEST_DONE - always triggered after the ACCESS_ACL_ALLOWED event when a Portal Access resource is accessed.
  • REWRITE_RESPONSE_DONE - only trigged when the REWRITE_REQUEST_DONE event calls REWRITE::post_process on.


The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.