For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ShaunS's avatar
ShaunS
Icon for Nimbostratus rankNimbostratus
Jun 15, 2022

iRule based upon username and source IP

So working on an interesting challenge.  We could like to setup a iRule that would do the following. 1. Identify when a connection is made via a specific account that is authenticated by F5 2. Only...
devops
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jun 19, 2022

Your description is not detailed but I can think of using the F5 table command  and to save the APM username session variable (session.logon.last.username) to an irule with the commmand ACCESS::session and the source IP address during the authentication and then to allow the traffic or block it based on if the user matches the bad ip address. The table key can be the username and the value the table IP address that the user used to log in.

 

https://community.f5.com/t5/technical-articles/the-table-command-examples/ta-p/278490

https://clouddocs.f5.com/api/irules/ACCESS__session.html

https://community.f5.com/t5/technical-articles/advanced-irules-tables/ta-p/290369

 

 

Maybe helpfull if issues are seen and for ideas:

https://support.f5.com/csp/article/K23154551

https://community.f5.com/t5/technical-forum/irule-to-set-apm-session-variable-for-x-forwarded-for/td-p/224450