Enforcing individual APM Policy "In Progress Sessions Limits"

Problem this snippet solves: Hi Folks, the iRule below can be used to enforce individual APM Policy "In Progress Sessions Limits" per source IP address. The iRule make use of [class match] t...

Updated Jun 06, 2023

Version 2.0

BIG-IP Access Policy Manager (APM)

in progress sessions limits

iRules

security

Kai_Wilke

MVP

My name is Kai Wilke and I'm working as a Principal Consultant for IT-Security at itacs GmbH - a German consulting company specialized in Microsoft Security cloud solutions, F5 customizations as well as for classic IT-Consulting. You can find additional information about me and my work here: https://devcentral.f5.com/articles/q-a-with-itacs-gmbhs-kai-wilke-devcentrals-featured-member-for-february-24890

View Profile

Stanislas_Piro2

Cumulonimbus

Sep 09, 2016

Hi,

this is an interesting irule.

For better user experience, I should have set an APM session variable in ACCESS_SESSION_STARTED

ACCESS::session data set "session.custom.tomanysession" 1

instead of

ACCESS::respond 200 content "To many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
ACCESS::session remove

and added a empty box in VPE with branch with expression

expr { [mcget {session.custom.tomanysession}] != 0 }

to dedicated policy ending with message:

To many concurrent logon sessions from your IP address

with this solution, the response page format is the same as access profile.

Enforcing individual APM Policy "In Progress Sessions Limits"

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS