Manual Chapter : Confirming requests example

Applies To:

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

Create an empty per-session policy to work with the per-request policy.
  • Type a name.
  • For Profile Type, select SWG-Explicit.
  • Select a language.
Create a per-request policy.
  • Type a name.
  • For Policy Type, select All.
  • Select a language.
In this example, the per-request policy performs several actions in two macros and a subroutine.
Add a macro for the SSL category lookup:
SSL Category Lookup Macro: If the request passes the SSL check, it is sent to a URL filter that matches input URL categories against a previously defined URL filter, which specifies the URL categories to allow (traffic needs no inspection), confirm (inspect the traffic), or block. Requests that do not pass the SSL check are blocked.
Add another macro to secure the traffic:
Secure Web Gateway Macro: Traffic that requires confirmation as a result of the first macro is sent to this second macro. It performs another category lookup, analyzes the request and response for malicious content, and filters the URLs again, this time against a different URL filter that determines which requests are allowed, which need to be confirmed, and which are blocked. Requests that need to be confirmed are assigned a per-request variable that defines the category of the request.
Next, add a subroutine to define the Confirm box:
Confirm subroutine: Any category of URL that needs user intervention to continue is sent to the Confirm subroutine. It contains a Confirm Box that displays a box with a message (which you can customize), a green icon for Continue, and a red icon for Cancel. If the user presses Continue, the action is logged and allowed. Choosing Cancel blocks the request from accessing the resource.
Make sure the two policies are specified in the Access Policy section of the virtual server. You can also specify an SSL profile for the client such as clientssl.
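
The decision flow of the two macros and the Confirm subroutine, modelled in Python as an added example (not F5 code or BIG-IP configuration). It shows which requests reach the Confirm box and which categories the first filter lets through without inspection. The category names, filter contents, request fields, the block on malicious content and the block default for unlisted categories are assumptions made for illustration.

```python
# Model of the per-request policy flow; not BIG-IP configuration.
ALLOW, CONFIRM, BLOCK = "allow", "confirm", "block"

# URL filter used by the SSL Category Lookup macro (constructed sample).
SSL_FILTER = {"Financial": ALLOW, "News": CONFIRM, "Malware Sites": BLOCK}
# The different URL filter used by the Secure Web Gateway macro (constructed).
SWG_FILTER = {"News": ALLOW, "Social Media": CONFIRM, "Gambling": BLOCK}


def evaluate(req, user_choice=None):
    """Walk one request through both macros; return (verdict, trail).

    req keys are hypothetical: ssl_ok, ssl_category, swg_category, malicious.
    user_choice ("continue" or "cancel") is read only by the Confirm box.
    """
    # Macro 1: SSL Category Lookup.
    if not req["ssl_ok"]:
        return BLOCK, ["ssl-check:fail"]
    # Assumption: a category the filter does not list is blocked.
    action = SSL_FILTER.get(req["ssl_category"], BLOCK)
    trail = [f"ssl-filter:{action}"]
    if action != CONFIRM:
        return action, trail  # "allow" here means no inspection at all

    # Macro 2: Secure Web Gateway (second lookup, analysis, second filter).
    if req["malicious"]:  # assumption: malicious content ends in a block
        return BLOCK, trail + ["analytics:malicious"]
    action = SWG_FILTER.get(req["swg_category"], BLOCK)
    trail.append(f"swg-filter:{action}")
    if action != CONFIRM:
        return action, trail

    # Confirm subroutine: the per-request variable carries the category.
    trail.append(f"confirm-box:{req['swg_category']}")
    if user_choice == "continue":
        return ALLOW, trail + ["logged:continue"]
    return BLOCK, trail + ["cancel"]  # Cancel (or no answer, by assumption)


def uninspected_categories():
    """Categories the first filter allows, i.e. traffic that skips macro 2."""
    return sorted(c for c, a in SSL_FILTER.items() if a == ALLOW)


if __name__ == "__main__":
    sample = {"ssl_ok": True, "ssl_category": "News",
              "swg_category": "Social Media", "malicious": False}
    print(evaluate(sample, "continue"))
    print("never inspected:", uninspected_categories())
```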