Forum Discussion

randylee168's avatar
randylee168
Icon for Nimbostratus rankNimbostratus
Aug 18, 2024

"ACCESS::disable" - doesn't work when try to bypass Access Policy with an iRule below:

Hello, we are using APM module in F5, there is an existing iRule defined that force all the front end users to use smartcard when access the F5. So we are trying to bypass the "Access Policy" using "ACCESS::disable" for some of the resources below, however, none of them work, can you please let me know if anything wrong below? Per 

https://community.f5.com/discussions/technicalforum/forwarding-requests-to-apm-based-on-uri-/67707  it should work!   Thanks! Very appreciate your help!

 

 

issue
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 19, 2024

    are you sure the path matches the string you use? easy way is to add an log local0. "string to hit" to check it matches what you think.

     

    also the other question you mention adds some things to be case insentive: switch -glob [string tolower [HTTP::path]]

    • randylee168's avatar
      randylee168
      Icon for Nimbostratus rankNimbostratus
      Aug 19, 2024

      Thanks! Yes, i am 100% sure the path match/correct, and it shows in the logs. try "switch -glob [string tolower [HTTP::path]] " does not work either. But if we switch the "ACCESS::enable" to "ACCESS::disable" and "ACCESS::disable" to "ACCESS::enable" . the funcationality  work as expected, the path really "enable" .... but that is not what we want.  so i think there is bug with "ACCESS::disable". thank!!

      • randylee168's avatar
        randylee168
        Icon for Nimbostratus rankNimbostratus
        Aug 19, 2024

        not sure why this "Mark as Solution" since it does not work, again, the "ACCESS::enable" work very well, but "ACCESS::disable" does not work if it is not in "default" , any suggestion? thanks