Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
May 17, 2011

Timelimited or session limited class match

I once worked with a product that would allow a user to authenticated to the product using a java applet. Once authenticated that user could have access on certain ports, only from the source IP that ...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 17, 2011
Hi Matt,

 

 

That does seem doable with an iRule. And assuming you have a secure method for validating access to the special URIs it should be safe.

 

 

I'd use a single iRule which adds the client IP and allowed port(s) to a subtable using the table command. You can set a lifetime on the record to enforce a session timeout. See the table command and subtable series for details:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/table

 

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/2375/v101--The-table-Command--The-Basics.aspx

 

 

If you get stuck try posting the issue(s), code you're testing and debug logging. Else, when you get something working, it would make a great Codeshare example:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/codeshare

 

 

Aaron