ltm rule event ACCESS SESSION STARTED
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS_SESSION_STARTED
This event is triggered when a new user session is created.
DESCRIPTION
This event is triggered when a new user session is created. This is triggered after creating the session context and
initial session variables related to user's source IP, browser capabilities and accepted languages etc. This event is a
notification to admin that a new session is being created. Admin can use this event to do some more session restriction
checks, and prevent the session from being created in this event. For e.g. if user is exceeding some kind of limit
(concurrent sessions etc.) or if the user does not qualify for a new session due to some thing which is a custom logic.
Admin can use ACCESS::session commands to get and set various session variables. Admin can also use TCP/SSL/HTTP iRule
commands to know various TCP/SSL/HTTP properties of the user.
Examples
Example 1: In this example, admin logs user's agent
when ACCESS_SESSION_STARTED {
log local0.notice "APM: Received a new session from browser: [ACCESS::session data get "session.user.agent"]"
}
Example 2: In this example, admin limits the application access to one subnet 192.168.255.0 only.
when ACCESS_SESSION_STARTED {
set user_subnet [ACCESS::session data get "session.user.clientip"]
if { ($user_subnet & 0xffffff00) != "192.168.255.0" } {
log local0.notice "Unauthorized subnet"
ACCESS::session remove
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-10.1.0 --First introduced the event. --Requires APM module
BIG-IP 2022-04-12 iRule(1)