Forum Discussion

Kirk_Jackson
Aug 29, 2018

Accessing ASM Session Awareness and Username from an iRule

Hi,

Are the Session Awareness tracking and the captured username of the login page available for use in an iRule?

https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking

It looks like they're not - but I thought I'd ask to be sure.

I think the work-around is to parse the full body of the login request using an iRule and capture the username myself.

Cheers!

Kirk

1 Reply

  • Hi,

    I think we can do it differently and much more simply. Without basing it on the Awareness part, you can use it for all your requests.

    So you can check whether an APM cookie (MRHSession) exists in a given request, then retrieve the user.

    Something like this:

    when HTTP_REQUEST {
        # Default value used when the request carries no valid APM session
        set username "empty"
        set apm_cookie [HTTP::cookie value MRHSession]
        # Only look up the user if the cookie maps to an APM session in the allow state
        if { $apm_cookie ne "" && [ACCESS::session exists -state_allow -sid $apm_cookie] } {
            set username [ACCESS::session data get -sid $apm_cookie session.logon.last.username]
        }
    }

    when ASM_REQUEST_DONE {
        # For requests blocked by ASM, log the violation data with the username
        if { [ASM::status] equals "blocked" } {
            log local0. "Violation count: [ASM::violation count] - $username"
            log local0. "Violation names: [ASM::violation names] - $username"
            log local0. "Violation attack types: [ASM::violation attack_types] - $username"
            log local0. "Violation details: [ASM::violation details] - $username"
        }
    }