Forum Discussion

Cirrostratus

Sep 17, 2023

Solved

API security

I have API which can be accessed through internet. I have restrict the access with IP address ( iRule/data group). Also, I have applied client authentication using certificate to be installed on cli...

application delivery

security

Daniel_Wolf

MVP

Sep 18, 2023

Hi THE_BLUE,

instead of iRules & datagroup you could use address lists. But this is just personal flavor (read more here).
Client cert auth is good. Cert management might be cumbersome.
Maybe look at Rate Limiting, check out API Protection with APM. Old but gold video https://www.youtube.com/watch?v=UVcUAjtyYaY
And final hint - apply a WAF policy. Use ASM Signatures to protect your technologie stack from known vulnerabilities. Apply signatures for Server Technologies, like NGINX, JavaScript, etc.

KR,
Daniel

Recent Discussions

Internal F5 Loopback To solve LNA Issue
May 07, 2026
notbuyinit
VIP control across data centers - how to ensure only 1 VIP is up at a time?
May 07, 2026
daboochmeister3
migrate from serie I to R. Cluster LTM-GTM
May 07, 2026
SuppEsp_AX
Errors with AS3 3.56.0 with F5 17.5.1.6
May 07, 2026
Juergen_Mang
syslog over tcp and define management IP as source
May 06, 2026
ecoumesh_264424

Forum Discussion

API security

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Internal F5 Loopback To solve LNA Issue

VIP control across data centers - how to ensure only 1 VIP is up at a time?

migrate from serie I to R. Cluster LTM-GTM

Errors with AS3 3.56.0 with F5 17.5.1.6

syslog over tcp and define management IP as source

Related Content

Runtime API Security: From Visibility to Enforced Protection

F5 API Security: Discovery and Protection

API Security: How to implement API Access Control with F5

Introduction to OWASP API Security Top 10 2023

Securing APIs with BigIP