Kirk_Jackson
Nimbostratus
Aug 29, 2018
Accessing ASM Session Awareness and Username from an iRule
Hi,
Are the Session Awareness tracking and the captured username of the login page available for use in an iRule?
https://devcentral.f5.com/articles/the-big-ip-application-security-manager-...
youssef1
Cumulonimbus
Aug 29, 2018
Hi,
I think we can do it differently and much more simply. Without basing it on the Awareness part, you can use it for all your requests.
So you can check whether an APM cookie (MRHSession) exists in a given request, then retrieve the user.
Something like this:
when HTTP_REQUEST {
    # Value of the APM session cookie; empty string when the cookie is absent
    set apm_cookie [HTTP::cookie value MRHSession]
    set username "empty"
    # Look up the username only for an existing APM session in the allow state
    if { $apm_cookie ne "" && [ACCESS::session exists -state_allow -sid $apm_cookie] } {
        # -sid (with the leading dash) selects the session to read from
        set username [ACCESS::session data get -sid $apm_cookie session.logon.last.username]
    }
}
when ASM_REQUEST_DONE {
    # For requests ASM blocked, log the violation data next to the APM username
    if { [ASM::status] equals "blocked" } {
        log local0. "Violation count: [ASM::violation count] - $username"
        log local0. "Violation names: [ASM::violation names] - $username"
        log local0. "Violation attack types: [ASM::violation attack_types] - $username"
        log local0. "Violation details: [ASM::violation details] - $username"
    }
}
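To turn the log lines this iRule writes into per-user counts of blocked requests, here is an added example that is not part of the original post. The sample lines are constructed, and the hostname, rule name, usernames and function names are assumptions; it also assumes usernames contain no spaces.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of log lines in the shape the iRule above emits.
# Hostname, rule name, usernames and violation values are illustrative only.
SAMPLE_LOG = """\
Aug 29 10:01:02 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation count: 2 - alice
Aug 29 10:01:02 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation names: VIOL_ATTACK_SIGNATURE VIOL_URL_METACHAR - alice
Aug 29 10:02:10 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation count: 1 - empty
Aug 29 10:02:10 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation names: VIOL_ATTACK_SIGNATURE - empty
Aug 29 10:03:45 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation count: 1 - alice
Aug 29 10:03:45 bigip1 info tmm[1234]: Rule /Common/asm_user_log <ASM_REQUEST_DONE>: Violation names: VIOL_ATTACK_SIGNATURE - alice
Aug 29 10:04:00 bigip1 notice mcpd[5678]: unrelated line that must be ignored
"""

# The greedy (.*) makes the LAST " - " the separator, so hyphens inside the
# logged value do not shift the username.
LINE_RE = re.compile(r"Violation (count|names): (.*) - (\S+)$")


def blocked_by_user(log_text):
    """Return {username: {"requests": int, "violations": int, "names": Counter}}."""
    stats = defaultdict(lambda: {"requests": 0, "violations": 0, "names": Counter()})
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        kind, value, user = match.groups()
        entry = stats[user]
        if kind == "count":
            # The iRule logs one "Violation count" line per blocked request.
            if value.strip().isdigit():
                entry["requests"] += 1
                entry["violations"] += int(value)
        else:
            entry["names"].update(value.split())
    return dict(stats)


def users_over_threshold(stats, max_blocked):
    """Usernames with more than max_blocked blocked requests.
    The name "empty" is the iRule's default when no APM session was found."""
    return sorted(u for u, s in stats.items() if s["requests"] > max_blocked)


if __name__ == "__main__":
    stats = blocked_by_user(SAMPLE_LOG)
    for user in users_over_threshold(stats, 1):
        print(user, stats[user]["requests"], dict(stats[user]["names"]))
```

The username in these lines comes from the logon form, so treat it as untrusted input when feeding the counts into alerting.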
