For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Enforcing individual APM Policy "In Progress Sessions Limits"

Problem this snippet solves: Hi Folks, the iRule below can be used to enforce individual APM Policy "In Progress Sessions Limits" per source IP address. The iRule make use of [class match] t...
Updated Jun 06, 2023
Version 2.0
BIG-IP Access Policy Manager (APM)
in progress sessions limits
iRules
security
Kai_Wilke's avatar
Icon for MVP rankMVP
My name is Kai Wilke and I'm working as a Principal Consultant for IT-Security at itacs GmbH - a German consulting company specialized in Microsoft Security cloud solutions, F5 customizations as well as for classic IT-Consulting. You can find additional information about me and my work here: https://devcentral.f5.com/articles/q-a-with-itacs-gmbhs-kai-wilke-devcentrals-featured-member-for-february-24890
View Profile
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 09, 2016

Hi,

this is an interesting irule.

For better user experience, I should have set an APM session variable in ACCESS_SESSION_STARTED 

ACCESS::session data set "session.custom.tomanysession" 1

instead of 

ACCESS::respond 200 content "To many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
ACCESS::session remove

and added a empty box in VPE with branch with expression 

expr { [mcget {session.custom.tomanysession}] != 0 }
to dedicated policy ending with message: 

To many concurrent logon sessions from your IP address

with this solution, the response page format is the same as access profile.