Manual Chapter :
Confirming requests example
Applies To:
Show VersionsBIG-IP APM
- 16.0.1, 16.0.0
Confirming requests example
Create an empty per-session policy to work with the per-request policy.
- Type a name
- ForProfile Type, selectSWG-Explicit.
- Select a language.
Create a per-request policy.
- Type a name
- ForPolicy Type, selectAll.
- Select a language.
In this example, the per-request policy performs several actions in two
macros and a subroutine.
Add a macro for the SSL category lookup:
SSL Category Lookup Macro: If the request passes the SSL check, it is sent to an URL filter
that matches input URL categories against a previously defined URL filter, which specifies the
URL categories to allow (traffic needs no inspection), confirm (inspect the traffic), or block.
Requests that do not pass the SSL check are blocked.
Add another macro to secure the traffic:
Secure Web Gateway Macro: Traffic that requires confirmation as a result of the first macro is
sent to this second macro. It performs another category lookup, analyzes the request and response
for malicious contents, again filters the URLs against a different URL filter that determines
which requests are allowed, which need to be confirmed, and which are blocked. Requests that need
to be confirmed are assigned a per-request variable that defines the category of the request.
Next, add a subroutine to define the Confirm box:
Confirm subroutine: Any category of URL that needs user intervention to continue is sent to the
Confirm subroutine. It contains a Confirm Box that displays a box with a message (which you can
customize), a green icon for Continue, and a red icon for Cancel. If the user presses Continue,
the action is logged and allowed. Choosing Cancel blocks the request from accessing the
resource.
Make sure the two policies are specified in the Access Policy section of the virtual server. You
can also specify an SSL profile for the client such as clientssl.