Distinguish between logged in users and visitors

Question

Hi, 
&nbsp;  
&nbsp; we have to protect a webserver farm from to many requests of vistors. This is needed to avoid GET/POST floods of unauthenticated users. So we want to forward visitors to a different farm. 
&nbsp;  
&nbsp; Only if they are logged in they should be forwarded to the correct servers.  
&nbsp;  
&nbsp; Do i assign them new cookies, or can i use existing cookies to distinguish that? 
&nbsp; Can i do that without iRules? 
&nbsp;  
&nbsp; Thank you a lot for your answers! 
&nbsp;  
&nbsp; Andre 
&nbsp;  
&nbsp;

hooleylist · Answer

Hi Andre, 
&nbsp;  
&nbsp; You'd need to use an iRule (or possibly an HTTP class) to select a pool.  The iRule would need to differentiate between a logged in user's request versus one that doesn't have a valid session with the application.  Exactly how you would do that depends on how the application maintains its sessions.  Ideally, you'd want to use something in the HTTP headers like URI, cookie, Authorization header, etc to determine when a user is logged in.   
&nbsp;  
&nbsp; If you compare requests an authenticated user's request for a page with an unauthenticated user's request for the same page, what is different? 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Distinguish between logged in users and visitors

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

The Cost of Ignoring ‘Non-Human’ Visitors

How to Generate Visitor ID/UUID

how to distinguish the source address and destination address on the virtual server

visitor/session cookie without persistence

F5 Can distinguish connection limit reset packet from Typical reset packet?