Forum Discussion

Cirrus

Apr 28, 2016

Irule for logging user connections for the APM portal

I have been asked by my security department to basically log information about all users that log in or try to log into one of our portals being hosted on the F5 APM. I basically need the following i...

BIG-IP Access Policy Manager (APM)

iRules

security

Stanislas_Piro2

Cumulonimbus

Apr 28, 2016

Hi,

you can use the following irule to add username in request logging profile:

when CLIENT_ACCEPTED {
    set APMusername "-"
}

when ACCESS_ACL_ALLOWED {
    if {![info exists APMusername] || $APMusername equals "-"} {
        set APMusername [ACCESS::session data get session.logon.last.username]
    }
}

when HTTP_RESPONSE {
    if [info exists APMusername] {
        HTTP::header insert "USER" APMusername
    }
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "USER"
}

This irule must be enabled associated with Request_logging profile.

The Request logging profile may be configure with following Response Profile:

$CLIENT_IP - ${USER} $DATE_NCSA $HTTP_REQUEST $HTTP_STATCODE $RESPONSE_SIZE $Referer 0 $Cookie

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Irule for logging user connections for the APM portal

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

Log tcp Connections.

Log client to vip connections

F5 portal download RDP connectivity

F5 Distributed Cloud Telemetry (Logs) - Loki

F5 Distributed Cloud Telemetry (Logs) - ELK Stack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS