

swaminatha
Jul 21, 2021

Allow domains on outbound virtual server with AFM policy

Hi, we have a virtual server to forward traffic to the internet. We have a policy to block access on only ports 80 and 443. We would like to replace the allowed destinations from IP address to a domain list. We do not have a WAF license on the F5 but we do have an APM license. Can I leverage AFM or APM to allow domains only, like microsoft.com?

1 Reply

  • APM with SWG (Secure Web Gateway) can do this, though more in a proxy style. https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-secure-web-gateway-14-1-0/per-request-policy-configuration-for-swg.html

    AFM can do this with FQDN objects, although I'm not 100% sure how it deals with different IP resolutions.

    You could also do this with an iRule and look at the Host header. Shouldn't be that hard to build, though keeping such a list is some work, I would say.
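
A sketch of the Host-header iRule the reply mentions, added here as an example and not written by either poster. It assumes the virtual server has an HTTP profile and sees cleartext requests (port 443 traffic would need to be decrypted first), and that a string data group with the hypothetical name `allowed_domains_dg` holds bare domains such as `microsoft.com`. It matches on whole DNS labels so that `login.microsoft.com` is allowed but `evilmicrosoft.com` is not.

```tcl
# Added example, not from the thread.
# Assumptions: HTTP profile on the virtual server; string data group
# "allowed_domains_dg" (hypothetical name) with records like "microsoft.com".
when HTTP_REQUEST {
    # Normalise the Host header: lower-case, strip :port and a trailing dot.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    set allowed 0
    set candidate $host

    # Check the full name, then each parent domain, always cutting at a
    # label boundary. The loop stops before a bare TLD ("com") is tested,
    # so a suffix-only lookalike such as "evilmicrosoft.com" never matches.
    while { !$allowed && [string first "." $candidate] >= 0 } {
        if { [class match -- $candidate equals allowed_domains_dg] } {
            set allowed 1
        } else {
            set dot [string first "." $candidate]
            set candidate [string range $candidate [expr {$dot + 1}] end]
        }
    }

    if { !$allowed } {
        # Record the denied destination for later review, then refuse.
        log local0. "outbound deny: client=[IP::client_addr] host=$host"
        HTTP::respond 403 content "Destination not allowed"
        return
    }
}
```

The check trusts the client-supplied Host header and does not verify that the destination IP belongs to that domain, so it complements the existing port policy and does not replace it.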