Forum Discussion

Altostratus

Mar 13, 2024

APM session policy based on IP address datagroup?

Hi everyone We currently use LTM policy to use datagroup as ACL for virtual server access. After LTM ACL is accepted, APM policy will create a session etc But I was thinking to optimize it, so tha...

BIG-IP Access Policy Manager (APM)

datagroup

per session policy

SergeyAU

Altostratus

Mar 13, 2024

while reading various info, I am thinking that I dont need to do anything in the APM to only check for client IP once

Can use ACCESS_SESSION_STARTED iRule instead of the LTM policy CLIENT_ACCEPTED check.
Strange that there is no policy to work with APM...

when ACCESS_SESSION_STARTED {

set user_subnet [ACCESS::session data get "session.user.clientip"]

if { ($user_subnet & 0xffffff00) != "192.168.255.0" } {

log local0.notice "Unauthorized subnet"

ACCESS::session remove

}

when ACCESS_SESSION_STARTED {
if { [class match [IP::client_addr] eq <datagroup_name>] } {
log local0. "Dropped connection: client IP [IP::client_addr] is restricted."
ACCESS::session remove
drop
}
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM session policy based on IP address datagroup?

Recent Discussions

F5 - AS3 - BIGIQ / BIGIP SchemaVersion Missunderstanding

F5OS API - not able to create vlan

F5 APM - limiting access to the bandwidth for network Access

Change LB priority based on status

High CPU utilization (100%).

Related Content

CSV to Address External Datagroup File

Help me! About datagroup

Modifying multiple entries in a datagroup via api?

import data from excel into datagroup

Agility sessions announced

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS