access security
5 Topics

How to limit access by time?
Dear community, I need to handle requests for a particular domain in a different way. I usually apply a few simple conditions, for example, requests must arrive with the xpto.com header to be forwarded to the pool. I use a BIG-IP LTM 13.0.0. Now, for a particular domain, if it is called more than 50 times in 10 minutes by the same IP, I need to block this IP for 30 minutes. From what I've been researching I believe that the FLOW_INIT function helps me with what I need, but I still cannot reach my goal. Below is a simple example of what I use to test:

    when HTTP_REQUEST {
        # Only handle requests addressed to the test host
        if { [HTTP::host] equals "drop.test:8080" } {
            switch -glob [HTTP::uri] {
                "/test/*" {
                    log local0. "/test/ - accept - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                    # HTTP::respond takes the status code before the content
                    HTTP::respond 200 content "Test ok!"
                }
                "/drop/*" {
                    log local0. "/drop/ - accept - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                    HTTP::respond 200 content "Drop ok!"
                }
                default {
                    # Any other URI on this host is logged and the connection rejected
                    log local0. "reject - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                    reject
                }
            }
        }
    }

327 Views, 0 likes, 1 Comment

Is blocking all HTTP-HEAD requests a bad idea?
We are thinking about blocking all HTTP HEAD requests for our web applications (not REST or SOAP) via ASM, by returning an HTML response page with HTTP code 200 OK, because most of them are requests from crawlers. Are there experiences concerning client behavior? Since HTTP 200 is returned, the client thinks that the request is valid, even if the site doesn't exist. For Office docs which contain invalid web links, the user doesn't get an info popup which tells him that the resource doesn't exist; instead the web client is opened, which then sends an HTTP GET to a non-existing resource. For me it doesn't sound like a major drawback. Are there any other pitfalls known?

675 Views, 0 likes, 4 Comments

Inspect POST Request for Existence of Username Parameter
Is it possible to check if a username has been provided in a POST request? Could this be done via the HTTP::username command, or would an HTTP::collect be needed to inspect the payload of the request? Would you be able to provide an example of how this might be done via an iRule?

563 Views, 0 likes, 1 Comment

Access allowed when it should be denied
Hi guys, I'm implementing APM in a customer environment and we have run into a problem. The customer has a URL for which I use APM to authenticate and then check the group; if the group is approved, the access will be permitted. It's working as expected too. But if another user tries to log in to the application using the same machine, the access is allowed even if the user isn't inside the permitted group. Is it possible to check this again?

274 Views, 0 likes, 2 Comments