Forum Discussion
Michael_Jenkins
Dec 19, 2014Cirrostratus
The way that I've done it in our environment is the check for a valid APM session on each request. If there's no valid session, then redirect the user.
when HTTP_REQUEST {
if { not ([ACCESS::policy result] equals "allow") } {
HTTP::respond 302 "http://something.org" "Connection" "Close"
}
}
You could also perform a cookie check for MRHSession and LastMRH_Session cookies, which contain the session id for the APM session. If those don't exist, you know there's no valid session.
if { not ([HTTP::cookie exists "MRHSession"] || [HTTP::cookie exists "LastMRH_Session"]) } {
HTTP::respond 302 "http://something.org" "Connection" "Close"
}
This is a very basic way of checking, but should be effective. the
[ACCESS::policy result]
will be "allow", "deny" or ""
from what I've seen. So you could make the checks more complex if necessary, but this should give you an idea.
You can check out the this link for more info on ACCESS::session.