Forum Discussion

Kirk_Jackson's avatar
Kirk_Jackson
Icon for Nimbostratus rankNimbostratus
Aug 29, 2018

Accessing ASM Session Awareness and Username from an iRule

Hi,

 

Are the Session Awareness tracking and the captured username of the login page available for use in an iRule?

 

https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking

 

It looks like they're not - but I thought I'd ask to be sure.

 

I think the work-around is to parse the full body of the login request using an iRule and capture the username myself.

 

Cheers!

 

Kirk

 

ASM Advanced WAF
security
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 29, 2018

    Hi,

    I think we can do it differently and much more simply. without basing it on Awareness part, you can use it for all your requests.

    So you can check if you have an APM cookie exist (MRHsessions) in a wanted request then retrieve user:

    something like that:

    when HTTP_REQUEST {
    set apm_cookie [HTTP::cookie value MRHSession]
    set username "empty"
    if { !($apm_cookie == "") && [ ACCESS::session exists -state_allow -sid [HTTP::cookie MRHSession] ] } {
        set username [ACCESS::session data get sid $apm_cookie session.logon.last.username]
    }
}

when ASM_REQUEST_DONE {

if { [ASM::status] equals "blocked" } {

         log local0. "Violation count: [ASM::violation count] -  $username"
         log local0. "Violation names: [ASM::violation names] - $username"
         log local0. "Violation attack types: [ASM::violation attack_types] - $username"
         log local0. "Violation details: [ASM::violation details] - $username"
}
}