Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

swjo_264656's avatar
swjo_264656
Icon for Cirrostratus rankCirrostratus
Nov 13, 2017

On APM disable user based on not access period

Hi guys.   I have question about APM. I`m noob about APM.   I want to lock a user account that has not been connected for a certain period of time.   or logically run access report per day a...
application delivery
BIG-IP Access Policy Manager (APM)
irules
stan_piron's avatar
stan_piron
Icon for Cumulonimbus rankCumulonimbus
Nov 13, 2017

Hi,

 

APM doesn't contains a database of previous user logged in.

 

you can create such database with local DB, but you can't retrieve the last logon date. --> wrong way!

 

if you want to do it with tables, the table will be cleared if the appliance reboot, but mirrored between peers if HA is configured.

 

I'm not really sure this solution is good keeping in memory several weeks all authenticated users.

 

what behavior do you want if the user never logged in? how do you want to manage new users?

 

How are user authenticating?

 

Can't it be done by the authentication server instead of the F5?