Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Nov 07, 2017

Limiting the no. of User Session for GUI Access

Dear Experts,

 

I have a requirement on the F5-LTM units where I have to limit the no. of sessions for the users who can access the Administrative WEB GUI. How can I achieve this.

 

Regards,

 

7 Replies

  • Can this thing be controlled if the authentication is external or not at all.

     

  • Strictly theoretically speaking...if you prevent 443 on mgmt interface and self IPs and force all connections to an clientssl-enabled vip with an iRule like...

    when HTTP_REQUEST {
      node 127.0.0.1 80
    }
    

    You could add logic to limit sessions. But that requires you open up management access on data paths which is a no-no in some security deployments.

    The better more supported solution is to use the built-in tmsh command to do so:

    modify sys httpd max-clients 

    where is the number of max-clients you desire (default: 10)

  • In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.

       

  • In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.