Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Jul 13, 2016 Severity: 3-Major Related Article:
K00255200
IP-based sessions rely on an internal IP to session mapping table. The ACCESS::session iRules were not using this table, so in IP-based session scenarios they never find the session. A simple iRule like this should generate a lot of logs. In an IP-based session scenario it would never log. when HTTP_REQUEST { if { [ACCESS::session exists] } { log local0. "Found Access Session" } }
ACCESS::session commands are essentially unavailable to IP-based sessions.
SWG configuration with IP-based sessions. Attach an iRule to the virtual that includes ACCESS::session commands. They will not work as expected.
None
All ACCESS::session commands were updated to read the IP to session mapping table when an access profile with IP-based sessions is attached to the virtual. ACCESS::session create has been updated, and it respects the 1-1 correspondence between IP addresses and sessions. If this IP address already has an associated session, APM returns that session. Otherwise we create a new session, and add it to the table.