For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Mayer_841's avatar
Brian_Mayer_841
Icon for Nimbostratus rankNimbostratus
Nov 06, 2007

Client authentication bypass for internal IPs

Hi,     We are getting ready to implement the LTM Advanced Client Authentication module to authenticate some test users that will access our new sites behind the F5 LTMs. That should be pretty ...
application delivery
dev
devops
iRules
Brian_Mayer_841's avatar
Brian_Mayer_841
Icon for Nimbostratus rankNimbostratus
Nov 09, 2007
Another thing I just thought of...any way to use the iRule for cookie-based authentication on this page:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/ClientAuthUsingHttpCookie.html

 

 

...maybe combining it with the source IP check to put the necessary cookie in users' browsers if the IP connection is coming from the right nets? Of course for this to work like we hope, the cookie would need to be automatically given to authorized browsers so users are authenticated behind-the-scenes.

 

 

What do you think?