How can i use an expression in an APM policy to look for a URI path and then set the branch rule accordingly
How can i use an expression in an APM policy to look for a URI path and then set the branch rule accordingly. I could probably setup the advanced resource assignment item and create a bunch of branch rules that look for specific URI paths alone to be sent over that branch. I would be looking to do 2 checks, one for the URI path and then for a specific URI path i would need to look at the users Group object ID or IDs that he would come in with for accessing that specific URI path, to be able to decide to allow him or no. The specific branch rules would have expressions looking for both these checks. I am trying to configure something like this
Branch rule1:
expr {[mcget {HTTP::URI}] contains "/SOANDSO1/*" && [mcget {session.oauth.client./Common/AzureADB2B_act_ oauth_client_ag.id_token.groups}] contains "xxxxxxxx-xxxxx-xxxxx-xxxx-xxxxxxxxxxxx"}
will be allowed
if there is no match to any of the branch rules, we would have to put a branch rule to look for anything else in the URI path thats being called thats not part of the above guarded URIs and just allow them.( those URIs are not needed to be restricted )
Is that the correct syntax for looking at a HTTP URI using expressions ? and how can I handle the rest of the traffic that does not match successfully with any of these match branch rules
So URI condition matches...
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 639: variable found, let's add it to the local cache "session.server.landinguri"="/soandso1/abc/"(length=28)
and in TCL with && operator, second condition is evaluated only if first is successful
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 610: variable "session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups" was not found in the local cache for session "fdc12271"
but this variable does not exists:
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 625: variable "session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups" for session "fdc12271" was not found in MEMCACHED
look in session variables the name of the expected variable... you may find a variable with "last" to replace the box name like:
session.oauth.client.last.id_token.group