Forum Discussion
NimbostratusLimiting the no. of User Session for GUI Access
Dear Experts,
I have a requirement on the F5-LTM units where I have to limit the no. of sessions for the users who can access the Administrative WEB GUI. How can I achieve this.
Regards,
Jad_Tabbara__J1Cirrostratus
Hello, I don't think this is possible :/
TechgeeegCan this thing be controlled if the authentication is external or not at all.
- JRahm
Admin
Strictly theoretically speaking...if you prevent 443 on mgmt interface and self IPs and force all connections to an clientssl-enabled vip with an iRule like...
when HTTP_REQUEST { node 127.0.0.1 80 }You could add logic to limit sessions. But that requires you open up management access on data paths which is a no-no in some security deployments.
The better more supported solution is to use the built-in tmsh command to do so:
modify sys httpd max-clientswhere is the number of max-clients you desire (default: 10)
- Techgeeeg
In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?
- JRahm
AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.
Techgeeeg_28888In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?
- JRahm
AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.
