So working on an interesting challenge. We would like to set up an iRule that would do the following.
1. Identify when a connection is made via a specific account that is authenticated by F5
2. Only prevent this account from connecting to the backend server if it comes from a specific IP address
If the account is not from that IP, then F5 will drop the connection attempt. Anyone have some guidance on the best way to handle this?
Your description is not detailed, but I can think of using the F5 table command and to save the APM username session variable (session.logon.last.username) to an iRule with the command ACCESS::session and the source IP address during the authentication and then to allow the traffic or block it based on if the user matches the bad IP address. The table key can be the username and the value the table IP address that the user used to log in.
Maybe helpful if issues are seen and for ideas:
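The table-based approach described in the answer above, sketched as an added example that is not part of the original thread or F5's own code. It assumes an APM access profile on the virtual server and reads the question as "the account is allowed only from one address"; the account name, address, subtable name and timeout are hypothetical placeholders.

```tcl
when RULE_INIT {
    # Hypothetical placeholders: restricted account and its one permitted source IP
    set static::restricted_user "svc-account"
    set static::allowed_ip "192.0.2.10"
    # Seconds a recorded logon IP stays in the session table (assumed value)
    set static::logon_ip_timeout 3600
}

when ACCESS_POLICY_COMPLETED {
    # Fires once when the APM access policy finishes for this session.
    set user [string tolower [ACCESS::session data get "session.logon.last.username"]]
    set logon_ip [ACCESS::session data get "session.user.clientip"]
    if { $user ne "" && $logon_ip ne "" } {
        # Key = username, value = source IP used at logon (as the answer suggests).
        # A later logon by the same user from another IP overwrites this entry.
        table set -subtable logon_ip $user $logon_ip $static::logon_ip_timeout
    }
}

when ACCESS_ACL_ALLOWED {
    # Fires per request after APM has allowed it, before it reaches the backend.
    set user [string tolower [ACCESS::session data get "session.logon.last.username"]]
    if { $user ne $static::restricted_user } {
        return
    }
    set logon_ip [table lookup -subtable logon_ip $user]
    set src_ip [IP::client_addr]
    # Block when no logon IP is recorded (fail closed), or when either the
    # logon IP or the current source IP is not the permitted address.
    if { $logon_ip eq "" \
         || ![IP::addr $logon_ip equals $static::allowed_ip] \
         || ![IP::addr $src_ip equals $static::allowed_ip] } {
        log local0. "Blocked $user: logon_ip=$logon_ip src_ip=$src_ip"
        ACCESS::session remove
        drop
    }
}
```

To block the account from one "bad" address instead, as the answer words it, remove the negation on the two `IP::addr` tests and treat a missing table entry as allowed or denied according to your policy.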