Limit Max logins per user to Web URL

Question

I have a VIP that is providing SSL offload to web server URL. I have configured ASM to provide security for the web server. on the ASM I have configured session and login pages and session tracking. I am wanting to ensure users that authenticate to the web session can only do this once. Ensuring multiple authentications with the same credentials cannot be accomplished, providing user session concurrency to the web server to 1. I know this is possible with APM, however I am looking for a solution with ASM and irule if possible.&nbsp;
In essence I want to limit the number of authenticted sessions a user can have to just one. I want ensure the user credentials cannot be shared thus stopping multiple users authenticating with the same credentials at any one time.&nbsp;

samstep · Answer

While ASM does provide some session tracking they are there to stop the excessive number of Failed logins to stop the attackers from brute forcing the password. The feature you require is best implemented on the applications side by the application developers. If developers are not available to fix this bug, then it is possible to write an iRule for session tracking.

Forum Discussion

Limit Max logins per user to Web URL

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Rate Limiting SSL VPN User Traffic

Insufficient permissions BIG-IQ login error

DEVCENTRAL END-USER LICENSE AGREEMENT

Customizing APM end user login page with APM Advanced Customization Templates

Creating local users when using Remote Authentication and unavailable login