CodeShare Refresh: HTTP Session Limit
The iRules CodeShare on DevCentral is an amazingly powerful, diverse collection of iRules that perform a myriad of tasks ranging from credit card scrubbing to form based authentication to, as in toda...
Published Dec 27, 2011
Version 1.0Colin_Walker_12
Historic F5 Account
Joined May 12, 2005
Colin_Walker_12
Historic F5 Account
Joined May 12, 2005
hooleylist
Dec 27, 2011Cirrostratus
It would make sense to force closure of the TCP connection when redirecting a client to a blocking page if you're only checking the first HTTP request on each TCP connection. As it is, a client could ignore the redirect and continue making more HTTP requests on the same TCP connection to bypass the iRule logic.
At some point it would make sense (for someone :) to add validation of each HTTP request on the connection to handle different clients who might be connecting from behind the same proxy.
Aaron