F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Enforcing individual APM Policy "In Progress Sessions Limits"

Problem this snippet solves: Hi Folks, the iRule below can be used to enforce individual APM Policy "In Progress Sessions Limits" per source IP address. The iRule make use of [class match] t...
Updated Jun 05, 2023
Version 2.0
BIG-IP Access Policy Manager (APM)
in progress sessions limits
iRules
security
Kai_Wilke's avatar
Icon for MVP rankMVP
My name is Kai Wilke and I'm working as a Principal Consultant for IT-Security at itacs GmbH - a German consulting company specialized in Microsoft Security cloud solutions, F5 customizations as well as for classic IT-Consulting. You can find additional information about me and my work here: https://devcentral.f5.com/articles/q-a-with-itacs-gmbhs-kai-wilke-devcentrals-featured-member-for-february-24890
View Profile
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 09, 2016

Hi,

this is an interesting irule.

For better user experience, I should have set an APM session variable in ACCESS_SESSION_STARTED 

ACCESS::session data set "session.custom.tomanysession" 1

instead of 

ACCESS::respond 200 content "To many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
ACCESS::session remove

and added a empty box in VPE with branch with expression 

expr { [mcget {session.custom.tomanysession}] != 0 }
to dedicated policy ending with message: 

To many concurrent logon sessions from your IP address

with this solution, the response page format is the same as access profile.