15-Jun-2022 08:50
So working on an interesting challenge. We would like to set up an iRule that would do the following.
1. Identify when a connection is made via a specific account that is authenticated by F5
2. Only prevent this account from connecting to the backend server if it comes from a specific IP address
If the account is not from that IP, then F5 will drop the connection attempt. Anyone have some guidance on the best way to handle this?
Shaun
19-Jun-2022 03:55 - edited 19-Jun-2022 03:58
Your description is not detailed, but I can think of using the F5 table command to save the APM username session variable (session.logon.last.username), read in an iRule with the command ACCESS::session, and the source IP address during the authentication, and then to allow the traffic or block it based on whether the user matches the bad IP address. The table key can be the username and the value the table IP address that the user used to log in.
https://community.f5.com/t5/technical-articles/the-table-command-examples/ta-p/278490
https://clouddocs.f5.com/api/irules/ACCESS__session.html
https://community.f5.com/t5/technical-articles/advanced-irules-tables/ta-p/290369
Maybe helpful if issues are seen and for ideas:
https://support.f5.com/csp/article/K23154551
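A sketch of the table-based approach described in the reply above, added here as an example and not code posted by anyone in the thread. It assumes the requirement is that one account may connect only from one approved address and is dropped otherwise; the account name, address, subtable name and timeouts are placeholders.

```tcl
# Added example, not from the thread. Account name, address, subtable name
# and timeouts are assumptions; replace them with your own values.
when RULE_INIT {
    set static::restricted_user "svc_account"   ;# hypothetical account
    set static::allowed_ip      "192.0.2.10"    ;# constructed (RFC 5737) address
    set static::logon_table     "apm_logon_ip"  ;# hypothetical subtable name
}

when ACCESS_POLICY_COMPLETED {
    # After APM authentication: store username -> logon source IP.
    set user [string tolower [ACCESS::session data get "session.logon.last.username"]]
    set src  [ACCESS::session data get "session.user.clientip"]
    if { $user ne "" && $src ne "" } {
        # 1800 s idle timeout, 28800 s maximum lifetime (assumed values)
        table set -subtable $static::logon_table $user $src 1800 28800
    }
}

when ACCESS_ACL_ALLOWED {
    # Runs for each request on an established access session.
    set user [string tolower [ACCESS::session data get "session.logon.last.username"]]
    if { $user ne $static::restricted_user } { return }

    set logon_ip [table lookup -subtable $static::logon_table $user]
    set now_ip   [IP::client_addr]

    # Fail closed: a missing table entry counts as a mismatch.
    if { $logon_ip eq "" || ![IP::addr $logon_ip equals $static::allowed_ip] || ![IP::addr $now_ip equals $static::allowed_ip] } {
        log local0. "Blocked $user: logon_ip=$logon_ip client_ip=$now_ip"
        ACCESS::session remove
        reject
    }
}
```

Because the table is keyed by username, a later logon by the same account overwrites the stored address, so the check also compares the current client address on every request.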
24-Jun-2022 12:57
@ShaunS - If your post was solved it would be helpful to the community if you selected *Accept As Solution* on the relevant reply (or replies). This helps future readers find answers more quickly and confirms the efforts of those who helped.
Thanks for being part of our community.
Lief