Session Tracking in the ASM

Question

I want to implement the session tracking feature in the ASM by setting a session threshold. To determine this threshold I wanted to know how the ASM maintains state information. Is it through the TS cookie (Main ASM cookie) ? I see a session id in the event logs for ASM. Can I expose this session id to remote log server through an iRule for any violations ? This would help me calculate my threshold. Or should this be done through the Main ASM cookie ?

romani_2788 · Answer

Yes, ASM maintains state information with the Main ASM Cookie, the TS Cookie, and this is tied to the sessionID you see in the event logs. &nbsp;
I do not believe the sessionID itself is exposed via an irule however (see the page on ASM::violation_data), however, you should simply get this information logged remotely anyway when you use remote logging, without needing to extract it within an iRule. &nbsp;
Have a look at this manual on  Logging Application Security Events.&nbsp;

Forum Discussion

Session Tracking in the ASM

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Recommended Study Guide, Books or Labs for F5 ASM/AWAF Module

Exchange cert upgrade on F%

email alert when service restarts

Unable to download files greater than 4GB. Running version 15.1.5.1

F5 Distributed Cloud Services Simulator Connect

Related Content

F5 XC Session tracking with User Identification Policy

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

APM - Track clicks on webtop resources

TLS Stateful vs Stateless Session Resumption

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS