xpnsec_138837
Nov 29, 2013

Session Tracking - Blocking Username Requests

Hi,

I am currently rolling out the session tracking functionality of ASM.

The functionality seems to be working fine in that violations now provide the username and session ID of the logged-in user who was responsible for the violation. However, when I try to use the 'Block All' action for a username (found by clicking on 'Show Session Tracking Details' next to the username of the logged-on user within the event log), I expect all requests to be blocked. This does not seem to be the case; instead, the user is able to continue unprohibited, with all of their events still being logged.

I've checked under Reporting > 'Session Tracking Status' and the username is listed with an action of Block All. Is there something that I am missing with this? Something that I need to configure in order to have this work?

  • Sounds like you are doing the right thing, so it's interesting that the username is not blocked. I'm not sure if any of this will help, but here's a quick article I wrote on username tracking... maybe it will have some info that will be helpful.

    https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking.UrBpT7HnbIU

  • Hello all,

    I am running into the same trouble. My configuration looks like this in the posted. Also, I get the messages in session tracking that the user as well as the session has been blocked, but the logged-in user can still add comments into the web form.

    • Daniel_Varela

      Did anyone by any chance get the answer? I am doing some testing in v12.1.2. When I try to block all for a session ID/username, it is not getting blocked. I can see it in the reports, but I don't get the requests blocked. I have checked everything... blocking mode, blocking settings, staging...

  • I experienced the same issue in 12.1.2HF2. This functionality was working in 11.5.X. Seems to be a bug.