Forum Discussion

Altostratus

Mar 13, 2024

APM session policy based on IP address datagroup?

Hi everyone We currently use LTM policy to use datagroup as ACL for virtual server access. After LTM ACL is accepted, APM policy will create a session etc But I was thinking to optimize it, so tha...

BIG-IP Access Policy Manager (APM)

datagroup

per session policy

SergeyAU

Altostratus

Mar 13, 2024

while reading various info, I am thinking that I dont need to do anything in the APM to only check for client IP once

Can use ACCESS_SESSION_STARTED iRule instead of the LTM policy CLIENT_ACCEPTED check.
Strange that there is no policy to work with APM...

when ACCESS_SESSION_STARTED {

set user_subnet [ACCESS::session data get "session.user.clientip"]

if { ($user_subnet & 0xffffff00) != "192.168.255.0" } {

log local0.notice "Unauthorized subnet"

ACCESS::session remove

}

when ACCESS_SESSION_STARTED {
if { [class match [IP::client_addr] eq <datagroup_name>] } {
log local0. "Dropped connection: client IP [IP::client_addr] is restricted."
ACCESS::session remove
drop
}
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM session policy based on IP address datagroup?

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Related Content

CSV to Address External Datagroup File

Help me! About datagroup

Modifying multiple entries in a datagroup via api?

import data from excel into datagroup

Agility sessions announced

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS