cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

User's session timeout and concurrent session (Layer 7) using F5 LTM

abdulmalek
Nimbostratus
Nimbostratus

Hello,

I hope all is well 🙂

 

We want to control the user's session timeout and concurrent session (Layer 7) using F5 LTM; however, after researching the documentation, we couldn't find a way to do so except with APM. can you please advise on how to do so without APM? 

 

Appreciate your corporation.

 

BRs,

Abdulmalek Aldosrri

2 REPLIES 2

neeeewbie
MVP
MVP

Hi

I guess user's session timeout value relate to timeout value

and then concurrent session is using below irule

 

when RULE_INIT {

  set static::maxquery 1

  set static::holdtime 600

}

when CLIENT_ACCEPTED {

  set srcip [clientside {IP::local_addr}]

  if { [table lookup -subtable "blacklist" $srcip] != "" } {

    drop

    return

    log local0. "abc" 

  }

  set curtime [clock second]

  set key "count:$srcip:$curtime"

  set count [table incr $key]

  table lifetime $key 600

  log local0. $count

   

  if { $count > $static::maxquery } {

    table add -subtable "blacklist" $srcip "blocked" indef $static::holdtime

    log local0. "excute"

    table delete $key

    drop

    return

  }

}

abdulmalek
Nimbostratus
Nimbostratus

Much appreciated neeeewbie, will test it and let you know! By the way, we have created an irule that removes all browser cookies after a specific time interval to address the timeout issue. it's working fine with us 🙂

 

when HTTP_REQUEST {

 

  set now [clock seconds]

   

  if { [HTTP::cookie exists lastrequesttimestamp] } {

    set lastrequesttimestamp [HTTP::cookie value lastrequesttimestamp]

  } else {

    set lastrequesttimestamp $now

  }

 

  set cookieNames [HTTP::cookie names]

 

}

 

when HTTP_RESPONSE {

 

  set threshold [expr {20}]

  set lastRequestPlusThreshold [expr {$threshold + $lastrequesttimestamp}]

   

   if { $lastRequestPlusThreshold < $now } {

    foreach aCookie $cookieNames {

      HTTP::cookie insert name $aCookie value bb

      HTTP::cookie expires $aCookie 1

    }

     

   } else {

     HTTP::cookie insert name "lastrequesttimestamp" value $now path "/"

    HTTP::cookie attribute "lastrequesttimestamp" insert "SameSite" "None"

    HTTP::cookie secure "lastrequesttimestamp" enable

   }

 

 

}