Kai_Wilke
Aug 28, 2016 (MVP)
Hi Brett,

It's unfortunately not possible to configure individual settings per client IP. But you may use the iRule below as a starting point. The iRule uses the [class] command to fetch individual limits from a datagroup and then counts and enforces the in-progress session limits using the [table add/delete -subtable] and [table keys -count -subtable] commands.

iRule to enforce individual "Max In Progress Sessions Per Client IP" settings
when RULE_INIT {
    # Default limit for client IPs without an entry in the data group
    set static::inprogress_session_limit 5
    # Lifetime (seconds) of a tracking entry, so abandoned logons expire
    set static::access_policy_timeout 300
}
when ACCESS_SESSION_STARTED {
    log local0.debug "Started"
    # Fetch the per-IP limit from the data group, falling back to the default
    if { [set SessionLimit [class lookup "[ACCESS::session data get "session.user.clientip"]" "DG_My_Trusted_IPs"]] eq "" } then {
        set SessionLimit $static::inprogress_session_limit
    }
    # The new session is not in the subtable yet, so block once the count has reached the limit
    if { [table keys -count -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]"] >= $SessionLimit } then {
        ACCESS::respond 200 content "Too many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html"
        ACCESS::session remove
        log local0.debug "Login from client IP \"[ACCESS::session data get "session.user.clientip"]\" was blocked. Too many inprogress sessions..."
    } else {
        # Track this session as in progress for its client IP
        table add -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]" 1 indefinite $static::access_policy_timeout
    }
}
when ACCESS_POLICY_COMPLETED {
    # Policy evaluation finished, so the session no longer counts as in progress
    table delete -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]"
}

DG_My_Trusted_IPs
ltm data-group internal DG_My_Trusted_IPs {
    records {
        1.1.1.1/32 {
            data 50
        }
        2.2.2.0/24 {
            data 100
        }
    }
    type ip
}

Cheers, Kai
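
An offline model of the counting logic described in the post above, added here as an example; it is not part of the original post and is not BIG-IP code. The class and method names are hypothetical, the data group is a constructed copy of DG_My_Trusted_IPs, and the model assumes the most specific matching record wins and that a new logon is blocked once the in-progress count has reached the limit.

```python
import ipaddress

DEFAULT_LIMIT = 5        # mirrors static::inprogress_session_limit
POLICY_TIMEOUT = 300     # mirrors static::access_policy_timeout (seconds)
# Constructed copy of DG_My_Trusted_IPs: network -> limit
DATA_GROUP = {"1.1.1.1/32": 50, "2.2.2.0/24": 100}


class InProgressLimiter:
    """Offline model of the per-client-IP subtable logic (hypothetical names)."""

    def __init__(self, data_group=DATA_GROUP, default=DEFAULT_LIMIT,
                 lifetime=POLICY_TIMEOUT):
        self.nets = {ipaddress.ip_network(n): v for n, v in data_group.items()}
        self.default = default
        self.lifetime = lifetime
        self.subtables = {}  # client IP -> {session id: expiry time}

    def limit_for(self, client_ip):
        """Models [class lookup]: assumed most-specific match, else the default."""
        addr = ipaddress.ip_address(client_ip)
        hits = [n for n in self.nets if addr in n]
        if not hits:
            return self.default
        return self.nets[max(hits, key=lambda n: n.prefixlen)]

    def in_progress(self, client_ip, now):
        """Models [table keys -count -subtable] after dropping expired entries."""
        table = self.subtables.setdefault(client_ip, {})
        for sid in [s for s, exp in table.items() if exp <= now]:
            del table[sid]
        return len(table)

    def session_started(self, client_ip, sid, now):
        """Models ACCESS_SESSION_STARTED: True if admitted, False if blocked."""
        if self.in_progress(client_ip, now) >= self.limit_for(client_ip):
            return False
        self.subtables[client_ip][sid] = now + self.lifetime
        return True

    def policy_completed(self, client_ip, sid):
        """Models ACCESS_POLICY_COMPLETED: the session no longer counts."""
        self.subtables.get(client_ip, {}).pop(sid, None)
```

Feeding it the limits you plan to deploy shows where the boundary falls for each client range and how long abandoned logons keep occupying a slot.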