Forum Discussion
iaine
Sep 28, 2016
Nacreous
I had to change this iRule slightly to get it to work for me as I was getting TCL errors for unset variables as well as not getting redirected to the APM login page. My tweaked code is...
    when RULE_INIT {
        # Debug level. Any non-zero level logs APM session cookie values,
        # so leave this at 0 outside of troubleshooting.
        set static::access_debug 0
        # The logonpage and logoffURI must be entered in all lower case below so that when
        # the "string tolower" command compares the real path with the static variables,
        # they match correctly.
        # Do not set the loginpage variable to my.policy; let the APM redirects occur.
        set static::logonpage "https://myloginpage.com"
        set static::logoffURI "/citrix/remoteappsweb/authentication/logoff"
    }

    when CLIENT_ACCEPTED {
        # Set this variable early on to avoid TCL errors
        set ctxloggedoutsessions 0
    }

    when ACCESS_ACL_ALLOWED {
        if {$static::access_debug > 1 } { log local0. "uri=[HTTP::uri] | session=[ACCESS::session sid] | client=[IP::client_addr]:[TCP::client_port]" }
        # Has the user logged off? (Changed to http_uri instead of http_path 6-17-2014)
        if {[string tolower [HTTP::uri]] eq $static::logoffURI } {
            if {$static::access_debug == 1 } { log local0. "Detected logoff!" }
            # Need to track the session ID because after the redirect has been sent, the browser may use an
            # already established (access granted) TCP connection that will be allowed through ACCESS_ACL_ALLOWED.
            set ctxloggedoutsessions ctxloggedoutsessions_[ACCESS::session sid]
            table add $ctxloggedoutsessions 1 60 90
            # Store the APM session cookies from the request.
            if {[HTTP::cookie exists "MRHSession"]} {
                set MRHSession [HTTP::cookie MRHSession]
                if {$static::access_debug} { log local0. "MRHSession=$MRHSession" }
            }
            if {[HTTP::cookie exists "LastMRH_Session"]} {
                set LastMRH_Session [HTTP::cookie LastMRH_Session]
                if {$static::access_debug} { log local0. "LastMRH_Session =$LastMRH_Session " }
            }
        }
    }

    when HTTP_RESPONSE {
        set sessionstatus [table lookup $ctxloggedoutsessions]
        # Check if this response is for a session that has been marked as logged off.
        if {$sessionstatus == 1} {
            # Yes, user has logged off.
            if {$static::access_debug} { log local0. "Found session [ACCESS::session sid] in table" }
            set cookieheaders ""
            # Prepare the APM session cookies to be expired by setting the date to UNIX TS 0
            if { [info exists MRHSession] } {
                set cookieheaders "MRHSession=$MRHSession;expires=Thu, 01-Jan-1970 00:00:00 GMT;path=/;"
                if {$static::access_debug} { log local0. "setting cookie, MRHSession" }
                unset MRHSession
            }
            if { [info exists LastMRH_Session] } {
                set cookieheaders "$cookieheaders\r\nSet-Cookie: LastMRH_Session=$LastMRH_Session;expires=Thu, 01-Jan-1970 00:00:00 GMT;path=/;"
                if {$static::access_debug} { log local0. "setting cookie, LastMRH_Session" }
                unset LastMRH_Session
            }
            # Loop through all other cookies which are set in the response, and expire those as well.
            # This does not seem to be needed.
            if {$static::access_debug} { log local0. "looping cookies..." }
            foreach orgCookieName [HTTP::cookie names] {
                if {$static::access_debug} { log local0. "found cookie: $orgCookieName=[HTTP::cookie value $orgCookieName]" }
                # HTTP::cookie path returns only the path value, so the attribute name is written explicitly.
                set cookieheaders "$cookieheaders\r\nSet-Cookie: $orgCookieName=[HTTP::cookie value $orgCookieName];expires=Thu, 01-Jan-1970 00:00:00 GMT;path=[HTTP::cookie path $orgCookieName];"
            }
            if {$static::access_debug > 0 } { log local0. "Custom cookies: $cookieheaders" }
            # Send a redirect response to the client. With Connection: Close!
            if { $cookieheaders != "" } {
                HTTP::respond 302 noserver Location "$static::logonpage" "Set-Cookie" $cookieheaders "X-OLL-CTX-LOGOUT" "1" "Connection" "Close"
                TCP::close
            } else {
                HTTP::respond 302 noserver Location "$static::logonpage" "X-OLL-CTX-LOGOUT" "1" "Connection" "Close"
                TCP::close
            }
        }
    }