Forum Discussion
1 Reply
Sort By
Hi Brett,
its unfortunately not possible to configure individual settings per client IP.
But you may use the iRule below as a starting point. The iRule uses the
command to fetch individual limits from a datagroup and then counts and enforces the in progress sessions limits using the[class]
and[table add/delete -subtable]
command.[table keys -count -subtable]
iRule to enforce individual "Max In Progress Sessions Per Client IP" settings
when RULE_INIT { set static::inprogress_session_limit 5 set static::access_policy_timeout 300 } when ACCESS_SESSION_STARTED { log local0.debug "Started" if { [set SessionLimit [class lookup "[ACCESS::session data get "session.user.clientip"]" "DG_My_Trusted_IPs"]] eq "" } then { set SessionLimit $static::inprogress_session_limit } if { [table keys -count -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]"] > $SessionLimit } then { ACCESS::respond 200 content "To many concurrent logon sessions from your IP address" noserver "Content-Type" "text/html" ACCESS::session remove log local0.debug "Login from client IP \"[ACCESS::session data get "session.user.clientip"]\" was blocked. Too many inprogress sessions..." } else { table add -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]" 1 indefinite $static::access_policy_timeout } } when ACCESS_POLICY_COMPLETED { table delete -subtable "APMSessions_[ACCESS::session data get "session.user.clientip"]" "[ACCESS::session data get "session.user.sessionid"]" }
DG_My_Trusted_IPs
ltm data-group internal DG_My_Trusted_IPs { records { 1.1.1.1/32 { data 50 } 2.2.2.0/24 { data 100 } } type ip }
Cheers, Kai