Forum Discussion

Oct 30, 2017

Prevent Concurrent User Logins In LTM with iRule

Hello,

We are serving a web application to just internal users over client SSL, with clear text on the back end.

However, we see that when the same user logs in from 2 different machines, both of those logins are allowed. Can we control this and log the user out of the previous session when he logs in again?

We only have the LTM module, and it seems this is possible using iRules.

https://devcentral.f5.com/questions/how-to-limit-concurrent-sessions-in-a-ltm-using-irule

How to Limit concurrent sessions in a LTM using iRule - https://devcentral.f5.com/questions/ltm-irule-to-manage-users-sessions-like-apm-does-54897

I'm kinda new to iRules, so any help is really appreciated.

Thanks.

 

1 Reply

  • You could do this a few ways, essentially you need to record the IP address and some other unique information. Just recording an IP address may cause issues if people are coming from a NATed source. So you could record IP address and SSL session ID for example (if using SSL), or perhaps JSESSIONID.

    To record these, you could write them to the session table as mentioned in one of the links in your post and validate them against incoming connections. Or you could write information into a cookie and check the contents against incoming connections.

    I've just knocked up the following (untested) iRule that may give you an idea of what you could do. It will check if there is an existing cookie and reject connections that differ from what is in the cookie. You could respond with an error, or perhaps redirect the user to a sorry page. If a cookie doesn't exist, it is assumed to be a new connection, so a flag is set which is read on HTTP_RESPONSE and sets a cookie if the flag is set.

    If you decide to use a cookie, you may want to consider encrypting it, this can be done in the HTTP profile quite easily.

    when HTTP_REQUEST {
        # Name of the tracking cookie and the value we expect it to carry:
        # the TLS session ID plus the client IP (needs a clientssl profile
        # on the virtual server for SSL::sessionid to return anything).
        set sessionCookie myCookie
        set sslSessionId [SSL::sessionid]
        set sessionCookieValue "${sslSessionId}:[IP::client_addr]"
        set flgSetCookie 0

        # check if cookie exists and cookie is not blank
        if {([HTTP::cookie exists $sessionCookie]) && ([HTTP::cookie value $sessionCookie] ne "")} {
            # compare against what the client presented, not the value
            # computed for this request (otherwise it always matches).
            # Note: getfield on ":" only works for IPv4 client addresses;
            # an IPv6 address contains colons itself.
            set cookieValue [HTTP::cookie value $sessionCookie]
            set cookieSid [getfield $cookieValue ":" 1]
            set cookieIP [getfield $cookieValue ":" 2]
            if {($cookieSid ne $sslSessionId) || ($cookieIP ne [IP::client_addr])} {
                log local0. "Request does NOT match cookie data - Rejecting"
                reject
                return
            }
        } else {
            # set flag to create cookie on HTTP_RESPONSE
            set flgSetCookie 1
        }
    }

    when HTTP_RESPONSE {
        # set cookie if it does not exist
        if {$flgSetCookie == 1} {
            HTTP::cookie insert name $sessionCookie value $sessionCookieValue
        }
    }
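The reply also mentions the other route, recording the client details in the session table rather than in a cookie. The iRule below is an added example of that variant (my own illustration, not the respondent's code and not tested on a real LTM). It keys the table on the application's own session cookie and on the username from the login form, so that a second login by the same user revokes the earlier session, which is what the question asked for. Everything application-specific is an assumption: the session cookie name JSESSIONID, the login form POSTing to /login with a username field, the 1800 s idle timeout for live sessions and 3600 s lifetime for revoked entries, and the use of HTTP::respond 403 instead of a sorry-page redirect.

```tcl
# Added example (not from the original post). Assumptions, all hypothetical:
# the app's session cookie is JSESSIONID, the login form POSTs to /login with
# a "username" field, and the virtual server has a clientssl profile so
# SSL::sessionid is populated. Subtables used:
#   sessions : JSESSIONID -> client fingerprint (SSL session ID | client IP)
#   users    : username   -> the JSESSIONID of that user's current session
#   revoked  : JSESSIONID -> 1, for sessions ended by a newer login
when HTTP_REQUEST {
    # Reset per request: the connection (and its variables) may be reused.
    set loginUser ""
    set fingerprint "[SSL::sessionid]|[IP::client_addr]"
    set jsid ""
    if { [HTTP::cookie exists "JSESSIONID"] } {
        set jsid [HTTP::cookie value "JSESSIONID"]
    }

    if { $jsid ne "" } {
        # Session revoked by a newer login for the same user: force logout
        # and clear the cookie so the browser stops presenting it.
        if { [table lookup -subtable revoked $jsid] ne "" } {
            HTTP::respond 403 content "Your session was ended because you logged in elsewhere." \
                "Set-Cookie" "JSESSIONID=deleted; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
            return
        }
        # Known session: the presenting client must match the recorded fingerprint.
        # (table lookup also refreshes the entry's idle timeout.)
        set recorded [table lookup -subtable sessions $jsid]
        if { $recorded ne "" && $recorded ne $fingerprint } {
            log local0. "JSESSIONID reused from ($fingerprint), recorded ($recorded) - rejecting"
            HTTP::respond 403 content "Session already in use from another client."
            return
        }
    }

    # On a login POST, collect the body so the username can be read.
    if { [HTTP::method] eq "POST" && [HTTP::path] eq "/login" } {
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] > 0 } {
            HTTP::collect [HTTP::header "Content-Length"]
        }
    }
}

when HTTP_REQUEST_DATA {
    # Parse the form body (assumed application/x-www-form-urlencoded).
    foreach pair [split [HTTP::payload] "&"] {
        set kv [split $pair "="]
        if { [lindex $kv 0] eq "username" } {
            set loginUser [string tolower [URI::decode [lindex $kv 1]]]
        }
    }
    HTTP::release
}

when HTTP_RESPONSE {
    # A successful login is recognised by the app issuing a JSESSIONID
    # in the response to the login POST.
    if { $loginUser ne "" && [HTTP::cookie exists "JSESSIONID"] } {
        set newjsid [HTTP::cookie value "JSESSIONID"]
        set oldjsid [table lookup -subtable users $loginUser]
        if { $oldjsid ne "" && $oldjsid ne $newjsid } {
            # Log the previous session out: mark it revoked and drop its fingerprint.
            table set -subtable revoked $oldjsid 1 3600
            table delete -subtable sessions $oldjsid
            log local0. "User $loginUser logged in again; revoked session $oldjsid"
        }
        table set -subtable users $loginUser $newjsid 1800
        table set -subtable sessions $newjsid $fingerprint 1800
    }
}
```

Two caveats a practitioner would want to check before relying on this: it only works if the application issues a fresh JSESSIONID on each login (if it keeps the pre-login session ID, oldjsid equals newjsid and nothing is revoked), and the fingerprint uses the same SSL session ID plus client IP that the reply suggests, so clients behind a NAT are still told apart by their TLS session while a session resumption or renegotiation that changes the ID will look like a different client.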