F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Andre_1977's avatar
Andre_1977
Icon for Nimbostratus rankNimbostratus
Oct 01, 2009

Distinguish between logged in users and visitors

Hi,     we have to protect a webserver farm from to many requests of vistors. This is needed to avoid GET/POST floods of unauthenticated users. So we want to forward visitors to a different...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 01, 2009
Hi Andre,

 

 

You'd need to use an iRule (or possibly an HTTP class) to select a pool. The iRule would need to differentiate between a logged in user's request versus one that doesn't have a valid session with the application. Exactly how you would do that depends on how the application maintains its sessions. Ideally, you'd want to use something in the HTTP headers like URI, cookie, Authorization header, etc to determine when a user is logged in.

 

 

If you compare requests an authenticated user's request for a page with an unauthenticated user's request for the same page, what is different?

 

 

Aaron