Forum Discussion
Apply access profile to non-standard virtual server?
Have some older software causing issues. Is there any way to apply an access profile to a virtual server type Forwarding IP? I have a link to the virtual server on a WebTop which works when set to this type (server IP is same as virtual server).
I also get it to work when I use the standard type, but whenever I apply an HTTP profile (required to apply an access profile) the link no longer works. If there is a way to set up an HTTP profile which would not cause this issue, that would work as well.
I need this to prevent access to the server if the WebTop (access policy) is not used. I have multi-domain SSO used to accomplish this for other similar resources.
Any help would be appreciated.
4 Replies
- RaghavendraSY_7
Cumulonimbus
Can you please provide your virtual server configuration. Did you apply http profile to VIP 443 or VIP 80?
- ehergott_345008
Nimbostratus
I asked a similar question to this and received a response that if I apply the HTTP profile then I need the SSL cert and a client ssl profile applied. I have requested this from the admins, but have not gotten it yet. So I have it set up as a Forwarding IP server using port 443.
This is fine, but I need to prevent an admin from reaching the virtual server without first going through an access policy I created.
Mentioned I could do this via an iRule using a table, but unsure how to do this properly. I came up with something like this to include in the policy:
    when CLIENT_ACCEPTED {
        # key = client IP, value = 1
        table set -subtable enforcewebtop [IP::client_addr] 1
    }
    when CLIENT_CLOSED { table delete -subtable enforcewebtop [IP::client_addr] }
Here is what I was thinking for the iRule to apply to the forwarding vs. Basically if it cannot find the client IP then redirect.
    when CLIENT_ACCEPTED {
        # empty lookup = client IP not in the subtable; HTTP::redirect is not valid in CLIENT_ACCEPTED, so reject
        if { [table lookup -subtable enforcewebtop [IP::client_addr]] eq "" } { reject }
    }
I am sure I am missing a lot. It does not have to be a redirect either. Could also just reject. I was also unsure if I would need to set the variable to the Client IP to actually lookup the table?
Any help would be appreciated.
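A variant of the table approach from the post above, as an added example that is not part of the original thread: the entry is written only once the access policy finishes with an allow result, and the forwarding virtual server rejects any source IP without an entry. The subtable name comes from the post; the timeout and lifetime values and the log text are assumptions.

```tcl
# --- iRule 1: attach to the virtual server that carries the access profile ---
when ACCESS_POLICY_COMPLETED {
    # Register the source IP only after the access policy ends in "allow",
    # not on TCP accept, so an unauthenticated connection never creates an entry.
    if { [ACCESS::policy result] eq "allow" } {
        # 300 s idle timeout, 3600 s maximum lifetime (constructed values)
        table set -subtable enforcewebtop [IP::client_addr] 1 300 3600
    }
}

# --- iRule 2: attach to the Forwarding IP virtual server ---
when CLIENT_ACCEPTED {
    # A successful lookup also resets the entry's idle timer; the lifetime
    # set above still caps how long the entry can exist.
    if { [table lookup -subtable enforcewebtop [IP::client_addr]] eq "" } {
        log local0. "enforcewebtop: rejected [IP::client_addr], no access session entry"
        reject
    }
}
```

The key is the source IP address, so every client behind the same NAT address shares one entry.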