For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RJ_171490's avatar
RJ_171490
Icon for Nimbostratus rankNimbostratus
Sep 03, 2018

Allow or Restrict access based on urls.

Hi All,   What's the best way to allow or restrict access to webserver based on the urls used by the user.   I want the connection to be allowed if the user uses the below urls and deny any ot...
application delivery
iRules
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 04, 2018

You can only go as far as the Host name value, assuming the client presents a Server Name Indication (SNI) value in its TLS Client Hello message. You cannot see the request URI, for example, "/websso/*", unless you decrypt.

 

It's also rare that a browser client will submit an SNI value if it's using an IP address for the URL host.

 

But assuming the client always does send an SNI, you can indeed use LTM local traffic policies, which are included with LTM, to enable/disable access based on requested host name.

 

For a quick guide to configuring CPM policies: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/local-traffic-policies-getting-started-12-1-0/1.html