Forum Discussion
Kai_Wilke
Feb 10, 2016 MVP
Hi Amolari,
I guess a layered [table] and [table -subtable] approach would be the best choice.
1.) User authenticates on the APM
table set "ID_[ACCESS::session sid]" "" indefinite 84600
2.) User connects with Network Access, I add the assigned IP to the table
table append -mustexist "ID_[ACCESS::session sid]" "[ACCESS::session data get session.assigned.clientip]"
table set -subtable "IP_[ACCESS::session data get session.assigned.clientip]" "[ACCESS::session sid]" "" indefinite 84600
3.) User logs out or session times out
table delete -subtable "IP_[ACCESS::session data get session.assigned.clientip]" [ACCESS::session sid]
table delete "ID_[ACCESS::session sid]"
4.) Check for allowed client IPs
if { [table keys -subtable "IP_[IP::client_addr]" -count] > 0 } then {
    # Allow the request
}
Note: I've added the scenario that a single source IP would initiate multiple APM sessions (in case of Proxy/NAT).
Note: I've added a maximum lifetime for the table records to make sure they would get flushed if something goes wrong...
Note: What is the purpose of differentiating 1.) and 2.)? After my changes, I don't get the point of the "ID_[ACCESS::session sid]" table at all?
Note: I'm certainly unsure if 4.) covers your use case? But you may elaborate additional requirements on this...
Cheers, Kai
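The lifecycle sketched in the post, modelled as an added example that is not part of the original post or of F5's own code: a small in-memory stand-in for the iRule table/subtable records, with the four steps (session start, IP assignment, logout, check) as functions, a lifetime-based flush, and the Proxy/NAT case where two APM sessions share one source IP. Session IDs, IP addresses and timestamps are constructed values; only the 84600 lifetime is taken from the post. The model is an assumption about the semantics (one subtable per client IP, one key per session), not the BIG-IP implementation.

```python
"""Model of the layered table / table -subtable approach (added example)."""

LIFETIME = 84600  # seconds; the lifetime value used in the post


class TableStore:
    """Minimal stand-in for the iRule `table` command: a main table plus named
    subtables, where each entry carries its creation time and a lifetime."""

    def __init__(self):
        self.main = {}        # key -> (value, created_at, lifetime)
        self.subtables = {}   # subtable name -> {key: (value, created_at, lifetime)}

    def _bucket(self, subtable):
        return self.main if subtable is None else self.subtables.setdefault(subtable, {})

    def set(self, key, value, lifetime, now, subtable=None):
        self._bucket(subtable)[key] = (value, now, lifetime)

    def append(self, key, text):
        """Like `table append -mustexist`: returns False and does nothing if the key is absent."""
        if key not in self.main:
            return False
        value, created, lifetime = self.main[key]
        self.main[key] = (value + text, created, lifetime)
        return True

    def delete(self, key, subtable=None):
        self._bucket(subtable).pop(key, None)

    def expire(self, now):
        """Drop entries whose lifetime has elapsed: the safety net for sessions that
        never reach the logout step."""
        for bucket in [self.main, *self.subtables.values()]:
            stale = [k for k, (_, created, lifetime) in bucket.items() if now - created >= lifetime]
            for k in stale:
                del bucket[k]

    def key_count(self, subtable, now):
        """Like `table keys -subtable <name> -count` after expiry has been applied."""
        self.expire(now)
        return len(self.subtables.get(subtable, {}))


# Step 1: user authenticates on the APM
def on_session_start(store, sid, now):
    store.set(f"ID_{sid}", "", LIFETIME, now)


# Step 2: Network Access assigns a client IP; record it on both layers
def on_ip_assigned(store, sid, ip, now):
    store.append(f"ID_{sid}", ip)
    store.set(sid, "", LIFETIME, now, subtable=f"IP_{ip}")


# Step 3: logout or session timeout
def on_session_end(store, sid, ip):
    store.delete(sid, subtable=f"IP_{ip}")
    store.delete(f"ID_{sid}")


# Step 4: allow only if at least one live session is behind this client IP
def is_allowed(store, client_ip, now):
    return store.key_count(f"IP_{client_ip}", now) > 0


def nat_scenario():
    """Two sessions behind one NAT address, then a session that never logs out.
    Returns the allow decision at each stage (constructed IDs, IPs and times)."""
    store = TableStore()
    results = {}
    t0 = 1000
    # sessions "sessA" and "sessB" both come out of the same proxy/NAT address
    for sid in ("sessA", "sessB"):
        on_session_start(store, sid, t0)
        on_ip_assigned(store, sid, "10.0.0.5", t0)
    results["both_active"] = is_allowed(store, "10.0.0.5", t0 + 10)
    on_session_end(store, "sessA", "10.0.0.5")
    results["one_left"] = is_allowed(store, "10.0.0.5", t0 + 20)   # still allowed
    on_session_end(store, "sessB", "10.0.0.5")
    results["none_left"] = is_allowed(store, "10.0.0.5", t0 + 30)  # now denied
    # a session whose logout never happens is flushed by the lifetime
    on_session_start(store, "sessC", 2000)
    on_ip_assigned(store, "sessC", "10.0.0.6", 2000)
    results["before_lifetime"] = is_allowed(store, "10.0.0.6", 2000 + LIFETIME - 1)
    results["after_lifetime"] = is_allowed(store, "10.0.0.6", 2000 + LIFETIME)
    results["unknown_ip"] = is_allowed(store, "10.0.0.7", 2000)
    return results


if __name__ == "__main__":
    for stage, allowed in nat_scenario().items():
        print(f"{stage}: {'allow' if allowed else 'deny'}")
```

The per-IP subtable is what makes the NAT case work: ending one of the two sessions leaves the other session's key in place, so the client IP stays allowed until the last session behind it is gone or its lifetime runs out.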