Manual Chapter :
Common Elements for the per-request policy in Access Policy Manager
Applies To:
Show VersionsBIG-IP APM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Common Elements for the per-request policy in Access Policy Manager
You can put a subroutine to use by adding it to the
per-request policy.
- Add the subroutine to the per-request policy:
- On a per-request policy branch, click the (+) icon.
- Select the Subroutines tab.
- Select the subroutine and clickAdd Item.The popup screen closes and the policy displays.
- With the per-request policy open in the visual policy editor, click the (+) icon on a per-request policy branch.A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
- Select the Subroutines tab.
- Select a subroutine and clickAdd Item.The popup screen closes and the per-request policy displays in the visual policy editor.
- On the Main tab, click.The Per-Request Policies screen opens.
- In theNamefield, locate the policy that you want to update, then in thePer-Request Policyfield, click theEditlink.The visual policy editor opens in another tab.
- On a policy branch, click the(+)icon to add an item to the policy.The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
- If you are not going to update an existing policy, all you need to do to create a new one is clickCreate, type a name that is unique among all access profile and per-request policy names, and clickFinished.
- Click the(+)icon anywhere in the per-request policy to add a new item.
- Click the(+)icon anywhere in the subroutine to add a new item.A small set of actions are provided for building a subroutine.A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
- Click the(+)icon anywhere in the subroutine to add a new item.
- ClickCreate.The General Properties screen opens.
- In theNamefield, type a name for the policy and clickFinished.A per-request policy name must be unique among all per-request policy and access profile names.The policy name appears on the Per-Request Policies screen.
- Click the(+)icon anywhere in the per-request policy to add a new item.A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
- Click the(+)icon anywhere in your per-request policy to add a new item.
- The popup screen closes. The heading ([+] Subroutine:) for the subroutine, displays below the main editor.Name
- Click theAdd New Subroutinebutton.A popup screen opens.
- To preview the available templates, select them one at a time from theSubroutine from templatelist.A description of the selected template and the items in it display.
- On theSubroutine from templatelist, retain the selectionEmpty, and clickSave.The popup screen closes. The subroutine, with the heading[+] Subroutine:, displays below the main editor.Name
- Select a template and clickSave.The popup screen closes. The subroutine, with the heading[+] Subroutine:, displays below the main editor.Name
- Expand the subroutine by clicking the [+] icon.If any item in the subroutine needs some configuration, a red asterisk displays by the item name.
- Expand the subroutine by clicking the [+] icon.The subroutine displays.
- From theGrant Typelist, select one of these:
- Authorization code- Redirects the user to the external server to authenticate. The user is redirected back to APM with an authorization code. APM uses the authorization code to request an access token
- Password- Requests an access token from the external server by using the user's credentials (username and password). If this method is configured, the user must provide their external credentials to APM; to make this happen you must insert a logon page before the Oauth Client item in the access or the per-request policy.If you select the password grant type, every time the per-request policy subroutine runs, it must request credentials from the user.
- ClickSubroutine Settings/Rename.A popup screen opens.
- In theGating Criteriafield, type the name of a per-flow variable that contains a resource or resources.If theGating Criteriafield remains blank, the subroutine runs once and applies the same ending to all requests for resources for the duration of the subsession.If you specify a per-flow variable as the gating criteria for a subroutine and the per-request policy does not populate it, the subroutine is invalidated and does not run.ACategory Lookupitem that runs before a subroutine populates theperflow.category_lookup.namevariables and anApplication Lookupitem that runs before a subroutine populates theperflow.application_lookup.namevariables.For example, typeperflow.category_lookup.result.urlorperflow.application_lookup.result.families, or the name of any documented per-flow variable that returns resources instead of a Boolean result.
- ClickSave.The popup screen closes.
- To add a subroutine to the per-request policy, in the main editor click the (+) icon.A popup screen opens, displaying tabs such as General Purpose and Logon.
- The popup screen closes. A new popup screen displays the properties for the newly added item.
- The popup screen closes. The newly added item displays in the per-request policy.
- Select the Subroutines tab.
- Select a subroutine and clickAdd Item.The popup screen closes. The per-request policy displays the newly added subroutine.
- On the General Purpose tab, selectProxy Selectand clickAdd Item.A Properties popup screen opens.
- From thePoollist, select a pool of one or more proxy servers from which to select the next hop.All proxy servers in the pool that you select must support the forward proxy mode that you specify in theUpstream Proxy Modesetting.
- FromUpstream Proxy Mode, selectExplicitorTransparent.
- ForUsernameandPassword, most of the time you can retain the default values (blank).These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
- ClickSave.The properties screen closes. The visual policy editor displays.
A per-request policy goes into effect when you add it to a
virtual server.