cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

BIG IP: Terminate active session after a period of time

Paultthomas
Nimbostratus
Nimbostratus

Can I terminate an active session after a period of time using an irule without using APM.

2 REPLIES 2

AlexBCT
MVP
MVP

Hi Paul,

 

Do you mean terminating an active APM session without logging in to APM? Or are you referring to a TCP session?

 

For APM sessions to be terminated using iRules, you can use the "ACCESS::session remove" command. (See some examples here: https://clouddocs.f5.com/api/irules/ACCESS__session.html)

 

To make sure this automatically happens after a certain time will be a bit trickier though - as iRules are normally event-driven and they don't just run in the background. Maybe someone else around here may have an idea for that.

 

Alternatively, if you want to do this for all sessions, you can also change the timers in the policy itself (there is the Maximum Session Timeout value) which will kill off a session no matter if it is still actively used.

 

If you want to ensure that only certain users get kicked off after a certain time, you can also update the Maximum Session Timeout value using an iRule and the "ACCESS::session data set session.max_session_timeout 1000" string - this will change the value of the maximum session length to whatever value you want, in this case to a 1000 seconds.

 

Hope this helps.

Paultthomas
Nimbostratus
Nimbostratus

Hi Alex,

 

Thanks for your reply. I currently do not have APM licenced and wondered if there was anything I could do to terminate an active TCP session after a predetermined time.