ltm rule event ACCESS ACL ALLOWED
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS_ACL_ALLOWED
This event is triggered when a resource request passes the access
control criteria and is allowed to go through the ACCESS filter.
DESCRIPTION
This is triggered when a resource request passes the access control
criteria and is allowed to go through the ACCESS filter. This event is
only triggered for the resource requests and does not trigger for
internal access control URIs (my.policy etc.) This event is a
notification to the administrator that a resource request is being
allowed to go through in the network.
You can use this event to evaluate custom logic which is not supported
natively in an ACL. For example you could further limit the access
based on some specific session variables or some rate control or some
HTTP/SSL properties of the user.
Administrators can use commands to get and set session variables in
this event or use commands to enforce more ACLs in addition to
TCP/SSL/HTTP iRule commands.
Examples
Evaluate an additional ACL rule
when ACCESS_ACL_ALLOWED {
ACCESS::acl eval "additional_acl"
}
Insert a session variable into an HTTP header (the username in this example):
when ACCESS_ACL_ALLOWED {
set user [ACCESS::session data get "session.logon.last.username"]
HTTP::header insert "X-USERNAME" $user
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-10.1.0 --First introduced the event. --Requires APM module
BIG-IP 2017-01-31 iRule(1)