CodeShare Refresh: HTTP Session Limit

The iRules CodeShare on DevCentral is an amazingly powerful, diverse collection of iRules that perform a myriad of tasks ranging from credit card scrubbing to form based authentication to, as in toda...

Published Dec 27, 2011

Version 1.0

Colin_Walker_12

Historic F5 Account

Joined May 12, 2005

Colin_Walker_12

Historic F5 Account

Joined May 12, 2005

Icon for Cirrostratus rank

Cirrostratus

Dec 27, 2011

It would make sense to force closure of the TCP connection when redirecting a client to a blocking page if you're only checking the first HTTP request on each TCP connection. As it is, a client could ignore the redirect and continue making more HTTP requests on the same TCP connection to bypass the iRule logic.

At some point it would make sense (for someone :) to add validation of each HTTP request on the connection to handle different clients who might be connecting from behind the same proxy.

Aaron