ltm rule command ACCESS restrict irule events
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS::restrict_irule_events
Enable or disable HTTP and higher layer iRule events for the internal
APM access control URIs.
SYNOPSIS
ACCESS::restrict_irule_events (enable | disable)
DESCRIPTION
During access policy execution, ACCESS creates requests to various URIs
related to various access policy processing. These includes /my.policy
and other pages (logon, message box etc.) shown to the end user. By
default from 11.0.0 onward, HTTP and higher layer iRule events are not
raised for the internal access control URIs. All events except
ACCESS_SESSION_STARTED, ACCESS_SESSION_CLOSED,
ACCESS_POLICY_AGENT_EVENT, ACCESS_POLICY_COMPLETED are blocked (not
raised) for internal access control URI. This command allows admin to
overwrite the default behavior. ACCESS::restrict_irule_events disable
Disables the default behavior and enables admin to enable HTTP and
higher layer iRule events for the internal access control URI. Admin
can use this to handle these URIs in their iRules if needed. Please
note that changing processing for these internal URIs can interfere
with access policy. Scope of this command is per flow. Once enabled
for a flow, all subsequent internal access control URI requests will
have events raised during processing
ACCESS::restrict_irule_events [enable|disable]
* todo
* Requires APM module
RETURN VALUE
VALID DURING
CLIENT_ACCEPTED
EXAMPLES
This iRule allows a customer to hide some error pages from the
end-user. For e.g. Invalid SID error page is shown to user by
redirecting user to /my.logout.php3?errorcode=19. In one case, user
hits this error url if they were to bookmark /my.policy instead of the
root, APM responds saying "you have an invalid session, click here to
log in". Admin can change that just 302 user back to /. Redirect to "/"
with invalid SID starts a new session.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
if { [HTTP::uri] ends_with "/my.logout.php3?errorcode=19" }{
HTTP::redirect "/"
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)