Manual Chapter : Common Elements for the per-request policy in Access Policy Manager

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 14.1.0
Manual Chapter

Common Elements for the per-request policy in Access Policy Manager

You can put a subroutine to use by adding it to the per-request policy.
  1. Add the subroutine to the per-request policy:
    1. On a per-request policy branch, click the (
      +
      ) icon.
    2. Select the Subroutines tab.
    3. Select the subroutine and click
      Add Item
      .
      The popup screen closes and the policy displays.
  2. With the per-request policy open in the visual policy editor, click the (
    +
    ) icon on a per-request policy branch.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  3. Select the Subroutines tab.
  4. Select a subroutine and click
    Add Item
    .
    The popup screen closes and the per-request policy displays in the visual policy editor.
  5. On the Main tab, click
    Access
    Profiles / Policies
    Per-Request Policies
    .
    The Per-Request Policies screen opens.
  6. In the
    Name
    field, locate the policy that you want to update, then in the
    Per-Request Policy
    field, click the
    Edit
    link.
    The visual policy editor opens in another tab.
  7. On a policy branch, click the
    (+)
    icon to add an item to the policy.
    The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
  8. If you are not going to update an existing policy, all you need to do to create a new one is click
    Create
    , type a name that is unique among all access profile and per-request policy names, and click
    Finished
    .
  9. Click the
    (+)
    icon anywhere in the per-request policy to add a new item.
  10. Click the
    (+)
    icon anywhere in the subroutine to add a new item.
    A small set of actions are provided for building a subroutine.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  11. Click the
    (+)
    icon anywhere in the subroutine to add a new item.
  12. Click
    Create
    .
    The General Properties screen opens.
  13. In the
    Name
    field, type a name for the policy and click
    Finished
    .
    A per-request policy name must be unique among all per-request policy and access profile names.
    The policy name appears on the Per-Request Policies screen.
    1. Click the
      (+)
      icon anywhere in the per-request policy to add a new item.
      A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
    2. Click the
      (+)
      icon anywhere in your per-request policy to add a new item.
  14. The popup screen closes. The heading (
    [+] Subroutine:
    Name
    ) for the subroutine, displays below the main editor.
  15. Click the
    Add New Subroutine
    button.
    A popup screen opens.
  16. To preview the available templates, select them one at a time from the
    Subroutine from template
    list.
    A description of the selected template and the items in it display.
  17. On the
    Subroutine from template
    list, retain the selection
    Empty
    , and click
    Save
    .
    The popup screen closes. The subroutine, with the heading
    [+] Subroutine:
    Name
    , displays below the main editor.
  18. Select a template and click
    Save
    .
    The popup screen closes. The subroutine, with the heading
    [+] Subroutine:
    Name
    , displays below the main editor.
  19. Expand the subroutine by clicking the [
    +
    ] icon.
    If any item in the subroutine needs some configuration, a red asterisk displays by the item name.
  20. Expand the subroutine by clicking the [
    +
    ] icon.
    The subroutine displays.
  21. From the
    Grant Type
    list, select one of these:
    • Authorization code
      - Redirects the user to the external server to authenticate. The user is redirected back to APM with an authorization code. APM uses the authorization code to request an access token
    • Password
      - Requests an access token from the external server by using the user's credentials (username and password). If this method is configured, the user must provide their external credentials to APM; to make this happen you must insert a logon page before the Oauth Client item in the access or the per-request policy.
      If you select the password grant type, every time the per-request policy subroutine runs, it must request credentials from the user.
  22. Click
    Subroutine Settings/Rename
    .
    A popup screen opens.
  23. In the
    Gating Criteria
    field, type the name of a per-flow variable that contains a resource or resources.
    If the
    Gating Criteria
    field remains blank, the subroutine runs once and applies the same ending to all requests for resources for the duration of the subsession.
    If you specify a per-flow variable as the gating criteria for a subroutine and the per-request policy does not populate it, the subroutine is invalidated and does not run.
    A
    Category Lookup
    item that runs before a subroutine populates the
    perflow.category_lookup.
    name
    variables and an
    Application Lookup
    item that runs before a subroutine populates the
    perflow.application_lookup.
    name
    variables.
    For example, type
    perflow.category_lookup.result.url
    or
    perflow.application_lookup.result.families
    , or the name of any documented per-flow variable that returns resources instead of a Boolean result.
  24. Click
    Save
    .
    The popup screen closes.
  25. To add a subroutine to the per-request policy, in the main editor click the (
    +
    ) icon.
    A popup screen opens, displaying tabs such as General Purpose and Logon.
  26. The popup screen closes. A new popup screen displays the properties for the newly added item.
  27. The popup screen closes. The newly added item displays in the per-request policy.
  28. Select the Subroutines tab.
  29. Select a subroutine and click
    Add Item
    .
    The popup screen closes. The per-request policy displays the newly added subroutine.
  30. On the General Purpose tab, select
    Proxy Select
    and click
    Add Item
    .
    A Properties popup screen opens.
  31. From the
    Pool
    list, select a pool of one or more proxy servers from which to select the next hop.
    All proxy servers in the pool that you select must support the forward proxy mode that you specify in the
    Upstream Proxy Mode
    setting.
  32. From
    Upstream Proxy Mode
    , select
    Explicit
    or
    Transparent
    .
  33. For
    Username
    and
    Password
    , most of the time you can retain the default values (blank).
    These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
  34. Click
    Save
    .
    The properties screen closes. The visual policy editor displays.
A per-request policy goes into effect when you add it to a virtual server.