Forum Discussion
7 Replies
- Jad_Tabbara__J1Cirrostratus
Hello, I don't think this is possible :/
- TechgeeegNimbostratus
Can this thing be controlled if the authentication is external or not at all.
- JRahmAdmin
Strictly theoretically speaking...if you prevent 443 on mgmt interface and self IPs and force all connections to an clientssl-enabled vip with an iRule like...
when HTTP_REQUEST { node 127.0.0.1 80 }
You could add logic to limit sessions. But that requires you open up management access on data paths which is a no-no in some security deployments.
The better more supported solution is to use the built-in tmsh command to do so:
modify sys httpd max-clients
where is the number of max-clients you desire (default: 10)
- TechgeeegNimbostratus
In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?
- JRahmAdmin
AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.
- Techgeeeg_28888Nimbostratus
In addition to the above let me ask you one more thing in continuation of this. If I want to achieve the session limitation per host (Let's say per source IP address) on the VIP can I achieve this if I have AFM module?
- JRahmAdmin
AFM would be too low in layers to track a true session, but connections per source IP yes. Best bet would be via ASM or a custom iRule.