
Forum Discussion

bdavis
Aug 26, 2016

APM: Access Profile Option. "Max In Progress Sessions Per Client IP"

I was curious if there is any way to set the APM Access Profile setting "Max In Progress Sessions Per Client IP" option to a specific number, but exclude specific NAT'd addresses from customers that warrant higher than normal sessions above and beyond the Max, preventing possible DOS attacks without impacting legitimate customers?


1 Reply

  • Hi Brett,

    it's unfortunately not possible to configure individual settings per client IP.

    But you may use the iRule below as a starting point. The iRule uses the [class] command to fetch individual limits from a datagroup and then counts and enforces the in-progress session limits using the [table add/delete -subtable] and [table keys -count -subtable] commands.

    iRule to enforce individual "Max In Progress Sessions Per Client IP" settings

    when RULE_INIT {
        # Default limit for client IPs not listed in the data group, and the
        # lifetime of a subtable entry (entries expire even if the policy never completes)
        set static::inprogress_session_limit 5
        set static::access_policy_timeout 300
    }
    when ACCESS_SESSION_STARTED {
        log local0.debug "Started"
        # Per-client limit from the data group (most specific matching prefix); fall back to the default
        if { [set SessionLimit [class lookup "[ACCESS::session data get "session.user.clientip"]" "DG_My_Trusted_IPs"]] eq "" } then {
            set SessionLimit $static::inprogress_session_limit
        }
        # Block once the limit is reached (>= so that at most $SessionLimit sessions are in progress)
        if { [table keys -count -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]"] >= $SessionLimit } then {
            ACCESS::respond 200 content "Too many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
            ACCESS::session remove
            log local0.debug "Login from client IP \"[ACCESS::session data get "session.user.clientip"]\" was blocked. Too many in-progress sessions..."
        } else {
            # Track this session in the per-IP subtable: value 1, no idle timeout, fixed lifetime
            table add -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]" 1 indefinite $static::access_policy_timeout
        }
    }
    when ACCESS_POLICY_COMPLETED {
        # Policy finished (allowed or denied): free the in-progress slot
        table delete -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]"
    }

    DG_My_Trusted_IPs

    ltm data-group internal DG_My_Trusted_IPs {
        records {
            1.1.1.1/32 {
                data 50
            }
            2.2.2.0/24 {
                data 100
            }
        }
        type ip
    }
    

    Cheers, Kai
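As an added illustration (not part of Kai's reply or any F5 code), the following Python model reproduces the iRule's logic so the limit arithmetic and the trusted-IP override can be checked before the rule is deployed: a longest-prefix lookup stands in for [class lookup] against a constructed copy of the DG_My_Trusted_IPs data group, a per-IP table of in-progress sessions uses the same 300-second entry lifetime, and the count check mirrors ACCESS_SESSION_STARTED. The `now` parameter is an assumption added so that entry expiry can be exercised without waiting.

```python
import ipaddress
import time
from typing import Dict, Optional

# Constructed stand-in for the DG_My_Trusted_IPs data group (type ip):
# CIDR -> per-IP in-progress session limit; the most specific prefix wins, as with [class lookup].
TRUSTED_IPS = {"1.1.1.1/32": 50, "2.2.2.0/24": 100}
DEFAULT_LIMIT = 5       # static::inprogress_session_limit
POLICY_TIMEOUT = 300    # static::access_policy_timeout, the subtable entry lifetime in seconds


def lookup_limit(client_ip: str, datagroup=TRUSTED_IPS, default=DEFAULT_LIMIT) -> int:
    """Model [class lookup <ip> DG]: limit of the longest matching prefix, else the default."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, limit in datagroup.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, limit)
    return default if best is None else best[1]


class InProgressLimiter:
    """Models the APMSessions_<ip> subtables: session id -> expiry timestamp."""

    def __init__(self, datagroup=TRUSTED_IPS, default=DEFAULT_LIMIT, lifetime=POLICY_TIMEOUT):
        self.datagroup, self.default, self.lifetime = datagroup, default, lifetime
        self.tables: Dict[str, Dict[str, float]] = {}

    def _live(self, client_ip: str, now: float) -> Dict[str, float]:
        # Drop entries whose lifetime elapsed (the 'indefinite <lifetime>' arguments of table add)
        table = {sid: exp for sid, exp in self.tables.get(client_ip, {}).items() if exp > now}
        self.tables[client_ip] = table
        return table

    def session_started(self, client_ip: str, session_id: str, now: Optional[float] = None) -> bool:
        """ACCESS_SESSION_STARTED: True if the session is admitted, False if it is blocked."""
        now = time.time() if now is None else now
        table = self._live(client_ip, now)
        if len(table) >= lookup_limit(client_ip, self.datagroup, self.default):
            return False   # the iRule would ACCESS::respond and remove the session here
        table[session_id] = now + self.lifetime
        return True

    def policy_completed(self, client_ip: str, session_id: str) -> None:
        """ACCESS_POLICY_COMPLETED: free the slot once the policy has finished."""
        self.tables.get(client_ip, {}).pop(session_id, None)

    def in_progress(self, client_ip: str, now: Optional[float] = None) -> int:
        return len(self._live(client_ip, time.time() if now is None else now))
```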