For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KarimBenyelloul's avatar
KarimBenyelloul
Icon for Cirrostratus rankCirrostratus
Jan 23, 2018

Using "table" iRule command inside the ACESS_SESSION_CLOSED APM event

Hello everyone,

I'm in version 13.1.0.2 and I'm facing an issue when using the "table" iRule command with the ACCESS_SESSION_CLOSED event :

This is an LTM+APM deployement (web application access)

I have an empty access policy ( start --> allow )

I have associated the following iRule to the virtual server :

when ACCESS_SESSION_STARTED {
 if { [table lookup "toto"] != "" } {
    log local0. "found !" 
 } else {
    log local0. "not found !" 
 }
}
when ACCESS_SESSION_CLOSED { 
    table set "toto" "myData" 1800
    log local0. "adding toto to the shared table !"
}

I noticed that whenever I kill a perticular session and re establish a new session, the entry is never found in the table (I have choosen a 30min timeout so that I can easly disconnect and reconnect without having the entry times out)

After further testing I noticed that whenever I use the "table" command in the ACCESS_SESSION_CLOSED , this entry is deleted right after the session is closed.

I found this article K58224211 which describe a known bug, however it should be fixed since version 12.0.0. (btw I also performed the same test in 12.1.2 and 12.1.3 with the same result)

am I missing somehting in my iRule ? or did I just hit a new bug ?

Any help would be apriciated

many thanks,

access_session_closed
application delivery
BIG-IP Access Policy Manager (APM)
security
table

3 Replies

  • Ryan77777's avatar
    Ryan77777
    Icon for Altocumulus rankAltocumulus
    Jan 25, 2018

    This article doesn't have a whole lot of information, but it seems like what you have should be working to me (with the limited amount of knowledge I have about the system).

    I would think you'd be ok here but something to think about: "Important: This event is triggerred outside of flow context (similar to RULE_INIT) when a session goes away. The iRule commands which require a flow context (for e.g. TCP, HTTP and SSL commands) can not be used in this event."

    If you use a subtable does it make a difference? If we're going down the bug path... then little changes like this might get you around that. Not saying it's a bug... but if it is, then perhaps this may help.

    when ACCESS_SESSION_STARTED {
    if { [table lookup -notouch -subtable  "toto"] != {} } {
        log local0. "found !" 
    } else {
        log local0. "not found !" 
    }
}
when ACCESS_SESSION_CLOSED { 
    table add -subtable  "toto" "data" 1800
    log local0. "adding toto to the shared table !"
}
    • nr9929's avatar
      nr9929
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2025

      We are on version 17.1 and this still seem to be an issue. Any solutions or workarounds that you guys figured out?