
Forum Discussion

monu1
Sep 11, 2013

Session count from table

Hi, I am using the iRule below to limit the number of sessions on F5. I want to know if we can get the number of sessions in the table using the CLI. Also, can we delete a session manually?

    when RULE_INIT {
        set static::total_active_clients 0
        set static::sessionCookiePrefix "session"
        set static::max_active_clients 5
        set static::sessionTimeout 120
    }
    when HTTP_REQUEST {
        set subtableName "sessionLimit-shopMaintainence"
        set sessionCookieName "$static::sessionCookiePrefix-Maintainence"
        set need_cookie 0

        # existing session: let the request through if the cookie's id is still in the table
        if {[HTTP::cookie exists $sessionCookieName]} {
            set client_id [HTTP::cookie $sessionCookieName]
            set sessiondata [table lookup -subtable $subtableName $client_id]

            if { $sessiondata != "" } {
                return
            }
        }

        # new client: admit only while the table holds fewer than max_active_clients entries
        set sessionCount [table keys -subtable $subtableName -count]
        log local0. $sessionCount
        if {$sessionCount < $static::max_active_clients} {
            set need_cookie 1
            set client_id [format "%08d" [expr { int(100000000 * rand()) }]]
            set sessionValue [IP::client_addr]

            table add -subtable $subtableName $client_id $sessionValue $static::sessionTimeout
            log local0. "[HTTP::cookie names] [IP::client_addr]      NEW"
        } else {
            HTTP::redirect "http://www.xyz.com/"
        }
    }
    when HTTP_RESPONSE {
        # hand the new session id to the client
        if {$need_cookie == 1} {
            HTTP::cookie insert name $sessionCookieName value $client_id path "/"
        }
    }

Thanks for your help.

2 Replies

  • There is no direct access (yet) to the session table from the CLI. My one recommendation would be to add a service URI to your above iRule to respond to local cURL requests:

    when RULE_INIT { 
        set static::total_active_clients 0 
        set static::sessionCookiePrefix "session" 
        set static::max_active_clients 5 
        set static::sessionTimeout 120 
    } 
    when HTTP_REQUEST { 
        set subtableName "sessionLimit-shopMaintainence" 
        set sessionCookieName "$static::sessionCookiePrefix-Maintainence" 
        set need_cookie 0
    
        # service function to return session table count
        if { ( [HTTP::uri] equals "/getcount" ) and ( [class match [IP::client_addr] equals my_allowed_clients] ) } {
            HTTP::respond 200 content [table keys -subtable $subtableName -count]
            # stop here so the request is not also counted or redirected below
            return
        }
    
        if { [HTTP::cookie exists $sessionCookieName] } {
            set client_id [HTTP::cookie $sessionCookieName]
            set sessiondata [table lookup -subtable $subtableName $client_id]
    
            if { $sessiondata != "" } {
                return
            }
        }
    
        set sessionCount [table keys -subtable $subtableName -count]
        log local0. $sessionCount
        if {$sessionCount < $static::max_active_clients} {
            set need_cookie 1
            set client_id [format "%08d" [expr { int(100000000 * rand()) }]]
            set sessionValue [IP::client_addr]
    
            table add -subtable $subtableName $client_id $sessionValue $static::sessionTimeout
            log local0. "[HTTP::cookie names] [IP::client_addr]      NEW"
        } else {
            HTTP::redirect "http://www.xyz.com/"
        }
    }
    when HTTP_RESPONSE { 
        if { $need_cookie == 1 } { 
            HTTP::cookie insert name $sessionCookieName value $client_id path "/" 
        } 
    }
    

    From the command line you can now issue a cURL request:

    curl http://VIP/getcount
    

    which should return the current table count. I also added a data group address match so that you could lock it down to a defined set of client source addresses.
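
Added example, not part of the original reply or of F5's code: a POSIX shell wrapper around the `curl http://VIP/getcount` call above that checks the answer really is the table count before comparing it with the limit. The function names, the exit codes and the copy of `static::max_active_clients` (5) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Constructed assumptions: the URL passed on the command line is the
# VIP from the reply; MAX_ACTIVE_CLIENTS mirrors static::max_active_clients (5).
MAX_ACTIVE_CLIENTS=5

# check_count STATUS BODY
# Returns 0 = below limit, 1 = table full, 2 = the response is not a count.
check_count() {
    cc_status=$1
    cc_body=$2
    # A 302 is the iRule's HTTP::redirect: the /getcount branch did not match
    # (source address not in my_allowed_clients) and the table was already full.
    if [ "$cc_status" != "200" ]; then
        echo "UNKNOWN: HTTP $cc_status, /getcount branch did not answer"
        return 2
    fi
    # A 200 whose body is not a bare integer is the pool's own page: the request
    # fell through the data-group check and was handled as an ordinary client.
    case $cc_body in
        ''|*[!0-9]*)
            echo "UNKNOWN: body is not a session count"
            return 2 ;;
    esac
    if [ "$cc_body" -ge "$MAX_ACTIVE_CLIENTS" ]; then
        echo "FULL: $cc_body/$MAX_ACTIVE_CLIENTS sessions"
        return 1
    fi
    echo "OK: $cc_body/$MAX_ACTIVE_CLIENTS sessions"
}

# fetch_count URL: request the count and classify the answer.
fetch_count() {
    fc_out=$(curl -s --max-time 5 -w '\n%{http_code}' "$1") || {
        echo "UNKNOWN: curl could not reach $1"
        return 2
    }
    fc_status=$(printf '%s\n' "$fc_out" | tail -n 1)
    fc_body=$(printf '%s\n' "$fc_out" | sed '$d')
    check_count "$fc_status" "$fc_body"
}

# Only contact the VIP when a URL is given, e.g. ./getcount.sh http://VIP/getcount
if [ $# -eq 1 ]; then
    fetch_count "$1"
fi
```

An UNKNOWN result from a host that should be allowed usually means its source address is missing from the `my_allowed_clients` data group, in which case each poll is treated like a shopper and can take one of the five slots.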