Forum Discussion
xpnsec_138837
Nimbostratus
NimbostratusSession Tracking - Blocking Username Requests
Hi,
I am currently rolling out the session tracking functionality of ASM.
The functionality seems to be working fine in terms of violations now provide the username and Session ID of a logged in user who was responsible for the violation, however when I try to use the 'Block All' action for a username (found by clicking on 'Show Session Tracking Details' next the username of the logged on user within event log) I expect all requests to have been blocked. This does not seem to be the case, instead the user is able to continue prohibited with all of their events still being logged.
I've checked under Reporting > 'Session Tracking Status' and the username is listed with an action of Block All, is there something that I am missing with this? Something that I need to configure in order to have this work?
Arnaud_F_I experienced the same issue in 12.1.2HF2. This functionality was working in 11.5.X. Seems to be a bug.
peter_hombergerHello together
I get into the same troubles. My configuration looks like this in the posted. Also I get the messages in session tracking that user as well session has been blocked, but the logged in user can still add comments into the web form.
Daniel_VarelaEmployee
Did by any chance someone got the answer? I am doing some testing in v 12.1.2. When I try to block all for a sessionid/username is to getting blocked. I can see it in the reports but I dont get the requests blocked. I have checked everything...blcking mode, blocking settings, staging...
Jim_Sellers_106Bump ... I am having the same issues version 12.1 hf2
Sounds like you are doing the right thing, so it's interesting that the username is not blocked. I'm not sure if any of this will help, but here's a quick article I wrote on username tracking...maybe it will have some info that will be helpful.
https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking.UrBpT7HnbIU
