Forum Discussion

F5_Jeff's avatar
F5_Jeff
Icon for Cirrus rankCirrus
Jan 13, 2017

Allow specific IP to access link using ASM

Hi Everyone.

 

We want to allow specific IPs to access a link and block other IPs. Is there a way to do this in F5 ASM?

 

Is this achievable using the IP address exceptions?

 

Thank you for your feedback.

 

  • I assume that by "a link" you are talking about a web application already behind F5 LTM/ASM and not an external link like "facebook.com".

     

    If "a link" if a web application behind BIG-IP then the answer is - yes, it can be done, but it is a massive overkill if it is ALL you want to do. It is like hitting a nail into the wall with a bulldozer :)

     

    If access by specific IPs is all you need then the simplest thing to use is a traditional firewall or AFM. ASM is there to protect Web Applications from hacker attacks, not to act as an IP packet filter :)

     

  • yeah you gotta be a bit clearer about link as samstep is also saying.

     

    assuming a whole virtual server or an uri on a virtual server hat you suggest is probably possible, but it indeed doesn't feel like the logical choice. an iRule or local traffic policy would make more sense. but if you really want to do it with ASM it will work.