Manual Chapter :
Confirming requests example
Applies To:
Show VersionsBIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Confirming requests example
Create an empty per-session policy to work with the per-request policy.
- Type a name
- ForProfile Type, selectSWG-Explicit.
- Select a language.
Create a per-request policy.
- Type a name
- ForPolicy Type, selectAll.
- Select a language.
In this example, the per-request policy performs several actions in two
macros and a subroutine.
Add a macro for the SSL category lookup:
SSL Category Lookup Macro: If the request passes the SSL check, it is sent
to an URL filter that matches input URL categories against a previously defined URL filter, which
specifies the URL categories to allow (traffic needs no inspection), confirm (inspect the
traffic), or block. Requests that do not pass the SSL check are blocked.
Add another macro to secure the traffic:
Secure Web Gateway Macro: Traffic that requires confirmation as a result of
the first macro is sent to this second macro. It performs another category lookup, analyzes the
request and response for malicious contents, again filters the URLs against a different URL
filter that determines which requests are allowed, which need to be confirmed, and which are
blocked. Requests that need to be confirmed are assigned a per-request variable that defines the
category of the request.
Next, add a subroutine to define the Confirm box:
Confirm subroutine: Any category of URL that needs user intervention to
continue is sent to the Confirm subroutine. It contains a Confirm Box that displays a box with a
message (which you can customize), a green icon for Continue, and a red icon for Cancel. If the
user presses Continue, the action is logged and allowed. Choosing Cancel blocks the request from
accessing the resource.
Make sure the two policies are specified in the Access Policy section of the
virtual server. You can also specify an SSL profile for the client such as clientssl.