For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Will_33786's avatar
Will_33786
Icon for Nimbostratus rankNimbostratus
Apr 16, 2015
Solved

How do I record the IP assigned to a client after login?

Hello, I need to record clients' IP address assigned by network access. I searched on Ask f5 it looks like that the variable "session.assigned.clientip" is what I need. So I tried to use an irule t...
application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
management
security
  • John_Alam_45640's avatar
    John_Alam_45640
    Apr 16, 2015

    The VPN address is assigned after the APM policy is completed. Use an iRule to detect the VPN startup URI and then wait a few seconds before querying session.assigned.clientip. 

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/myvpn?sess=" } {
        after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"}
    }
}
John_Alam_45640's avatar
John_Alam_45640
Historic F5 Account
Apr 16, 2015

The VPN address is assigned after the APM policy is completed. Use an iRule to detect the VPN startup URI and then wait a few seconds before querying session.assigned.clientip. 

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/myvpn?sess=" } {
        after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"}
    }
}
  • Will_33786's avatar
    Will_33786
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2015
    Hi John. Your solution works! It's exactly what I want. You just gave me a big help. Thank you!
  • John_Alam_45640's avatar
    John_Alam_45640
    Historic F5 Account
    Apr 20, 2015
    Glad it worked for you.
  • DevBabu's avatar
    DevBabu
    Icon for Cirrus rankCirrus
    Jul 23, 2018

    Has the URI changed in version 12.1.3.4. I am running 12.1.3.4 and couldn't catch that URI /myvpn?sess=.

    When i did URI logging and saw URI /isession?sess= and I could get the session.assigned.clientip.

    So, my rule looks like:

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/isession?sess=" } {
        after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"}
    }
}
  • Fab's avatar
    Fab
    Icon for Altocumulus rankAltocumulus
    Nov 30, 2023

    Hello,

    It seems that now (at least 15.1.8) the URI has changed. I think /vdesk/resource_all_info.eui?resourcename=/Common/*******&resourcetype=network_access works.

    I have an issue with the "after" command though.

    It works with a value of 10 for instance, but with 1000 (or 5000) the "log local0." command is not triggered. Do you know why by any chance?