iRule based upon username and source IP

ShaunS · ‎15-Jun-2022

So working on an interesting challenge. We could like to setup a iRule that would do the following.

1. Identify when a connection is made via a specific account that is authenticated by F5

2. Only prevent this account from connecting to the backend server if it comes from a specific IP address

If the account is not from that IP, then F5 will drop the connection attempt. Anyone have some guidance on best way to handle this?

Shaun

Nikoolayy1 · ‎19-Jun-2022

Your description is not detailed but I can think of using the F5 table command and to save the APM username session variable (session.logon.last.username) to an irule with the commmand ACCESS::session and the source IP address during the authentication and then to allow the traffic or block it based on if the user matches the bad ip address. The table key can be the username and the value the table IP address that the user used to log in.

https://community.f5.com/t5/technical-articles/the-table-command-examples/ta-p/278490

https://clouddocs.f5.com/api/irules/ACCESS__session.html

https://community.f5.com/t5/technical-articles/advanced-irules-tables/ta-p/290369

Maybe helpfull if issues are seen and for ideas:

https://support.f5.com/csp/article/K23154551

https://community.f5.com/t5/technical-forum/irule-to-set-apm-session-variable-for-x-forwarded-for/td...

LiefZimmerman · ‎24-Jun-2022

@ShaunS - If your post was solved it would be helpful to the community if you selected *Accept As Solution* on the relevant reply (or replies). This helps future readers find answers more quickly and confirms the efforts of those who helped.

Thanks for being part of our community.
Lief

DevCentral

iRule based upon username and source IP

Sep 26th, 2023
MFA required on DevCentral

DevCentral

iRule based upon username and source IP

Sep 26th, 2023MFA required on DevCentral

Sep 26th, 2023
MFA required on DevCentral