V-266137

Discussion

The "Max In Progress Sessions Per Client IP" setting in an APM Access Profile is a security configuration that limits the number of simultaneous sessions that can be initiated from a single IP address. This is particularly helpful in preventing a session flood, where a hacker might attempt to overwhelm the system by initiating many sessions from a single source. By capping the number of sessions per IP, this setting can help maintain the system's stability and integrity while also providing a layer of protection against such potential attacks. False positives may result from this setting in networks where users are behind a shared proxy. Sites must conduct operational testing to determine if there are adverse operational impacts. View Log reports to identify recurring IP sources within the user community. Max In Progress Sessions per Client IP represents the maximum number of sessions that can be in progress for a client IP address. When setting this value, take into account whether users will come from a NAT-ed or proxied client address and, if so, increase the value accordingly.

Check Content

If the BIG-IP appliance does not provide user access control intermediary services, this is not applicable.

From the BIG-IP GUI:
1. Access.
2. Profiles/Policies.
3. Access Profiles.
4. Click the Name of the Access profile.
5. Under "Settings", verify "Max Sessions per User" is set to "1" or to an organization-defined number.

If the BIG-IP appliance is not configured to limit the number of concurrent sessions for user accounts to 1 or to an organization-defined number, this is a finding.