Angelo_Iannaril
Feb 04, 2007Nimbostratus
authenticated IP's and session tables
We have an iRule that needs to keep track of authenticated IP addresses across several event clauses within the iRule (as an extra security check). We're using the universal session table to achieve this, as shown below.
when CLIENTSSL_CLIENTCERT {
…
session add universal [IP::client_addr] $status $timeout
….
}
when HTTP_REQUEST {
...
if {[session lookup universal [IP::client_addr]] == $authenticated} {
}
...
}
This seems to work, but I'm not sure that this is necessarily the best approach as the session table looks like it was intended to contain SSL session IDs. Can anyone tell me whether there are any known issues with this approach? Is there a better option for storing the IP address in a commonly accessable table for a specified time period?