For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

thagmann_128177's avatar
thagmann_128177
Icon for Nimbostratus rankNimbostratus
Nov 24, 2004

BIGIP 9.0 - Root vs. Other Accounts

Based on iControl testing we are doing, when we try to auth an IControl request to the BIGIP using the root account/correct pass we keep getting "401: Authorization Required" errors. When I do the sa...
dev
devops
iControl
thagmann_128177's avatar
thagmann_128177
Icon for Nimbostratus rankNimbostratus
Mar 10, 2005
F5,

 

 

Continuing along these lines I have 2 more questions.

 

 

1.) So am I right in assuming that iControl calls are split in terms of access? Thus is there logic that seperates read calls vs. write calls?

 

 

Essentially what I am wondering is if I have say a Operator level account in the WEBUI, does that Operator account have operator level access to iControl as well as the WEBGUI? And further along those lines, does a WEBGUI admin account have full access to iControl, does a guest account have just read access, etc.?

 

 

2.) I know that the /config/httpd/conf/httpd.conf file allows me to do IP ACLs on the WEBGUI under the following heading:

 

 

================================================================

 

*** Section Removed

 

================================================================

 

 

Does this section also apply to locking down iControl access or is that a seperate section in this file, or can it not be done?

 

 

Thanks,

 

 

- Tom