Mar 20, 2024

F5 iRule to segregate the LDAP traffic and PKI traffic

Hello F5 Experts,


I would need some help in preparing an iRule construct for our LDAP VIP.

Currently we have an LDAP VIP on an insecure port 389, which means anyone using this could potentially expose credentials in clear text across the network.

The issue we have is that insecure access is required by applications which need to consume the certificate revocation lists, but we need to find a way of blocking access to port 389 for applications which are trying to connect to the LDAP data.


So in this case there is no ability to block access based on source addresses, as the same hosts might need to access the PKI data, so we are trying to explore what solutions we have. Most probably an iRule for content-based allow or deny.



Thanks in Advance for your support
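The content-based decision the post is asking for can be made by looking at the first LDAP PDU a client sends on port 389: CRL consumers typically do an anonymous bind followed by a search of the PKI subtree, whereas an application "connecting to the LDAP data" sends a simple bind that carries a password. The following is an added example, not code from the original post or from F5, written in Python to model the classification that an iRule would apply to `[TCP::payload]` in its `CLIENT_DATA` event before calling `TCP::release` or `reject`. It parses the BER structure of an LDAPMessage (RFC 4511 tags) and allows anonymous binds, SASL binds other than PLAIN, StartTLS and searches whose base is under an assumed PKI subtree (`ou=pki,dc=example,dc=com`, a placeholder); everything else, including a simple bind with a non-empty password, is rejected. The sample PDUs at the bottom are constructed with a small BER encoder for this example.

```python
"""Model of an allow/deny policy for a clear-text LDAP listener on port 389.

Added example (not from the forum post or F5): lets CRL consumers through
(anonymous bind, search under the PKI subtree, StartTLS) and rejects binds
that would put a password on the wire in clear text. PKI_SUBTREE is an
assumed placeholder value.
"""

# LDAP protocolOp application tags (RFC 4511, section 4.1.1)
BIND_REQUEST, UNBIND_REQUEST = 0x60, 0x42
SEARCH_REQUEST, EXTENDED_REQUEST = 0x63, 0x77
START_TLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS requestName
PKI_SUBTREE = b"ou=pki,dc=example,dc=com"  # assumed location of CRLs in this example


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER TLV at buf[pos]; returns (tag, value, end). Raises on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def classify(pdu: bytes) -> dict:
    """Describe the first LDAPMessage in pdu: operation, bind DN, clear-text password, etc."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, _, pos = read_tlv(msg)                      # messageID INTEGER, not needed here
    op, body, _ = read_tlv(msg, pos)
    info = {"op": op, "password": False, "dn": "", "sasl": None, "oid": None, "base": b""}
    if op == BIND_REQUEST:
        _, _, p = read_tlv(body)                   # version INTEGER
        _, dn, p = read_tlv(body, p)               # name LDAPDN
        auth_tag, auth, _ = read_tlv(body, p)      # authentication CHOICE
        info["dn"] = dn.decode("utf-8", "replace")
        if auth_tag == 0x80:                       # simple [0] OCTET STRING
            info["password"] = len(auth) > 0       # empty password = anonymous bind
        elif auth_tag == 0xA3:                     # sasl [3] SaslCredentials
            _, mech, _ = read_tlv(auth)            # mechanism LDAPString
            info["sasl"] = mech.decode("ascii", "replace")
    elif op == SEARCH_REQUEST:
        _, base, _ = read_tlv(body)                # baseObject LDAPDN
        info["base"] = base.lower()
    elif op == EXTENDED_REQUEST:
        name_tag, oid, _ = read_tlv(body)          # requestName [0] LDAPOID
        if name_tag == 0x80:
            info["oid"] = oid
    return info


def decide(pdu: bytes):
    """Policy for the clear-text listener; returns (verdict, reason)."""
    try:
        info = classify(pdu)
    except ValueError as e:
        return "reject", f"unparseable LDAP PDU: {e}"
    op = info["op"]
    if op == BIND_REQUEST:
        if info["password"]:
            return "reject", f"simple bind with password for {info['dn']!r} on clear-text port"
        if info["sasl"] == "PLAIN":
            return "reject", "SASL PLAIN sends credentials in clear"
        return "allow", "anonymous or SASL bind"
    if op == SEARCH_REQUEST:
        if info["base"].endswith(PKI_SUBTREE):
            return "allow", "search under PKI subtree"
        return "reject", f"search outside PKI subtree: {info['base']!r}"
    if op == UNBIND_REQUEST or (op == EXTENDED_REQUEST and info["oid"] == START_TLS_OID):
        return "allow", "unbind or StartTLS upgrade"
    return "reject", f"operation 0x{op:02x} not permitted without TLS"


# --- constructed sample PDUs, BER-encoded with this minimal helper ---
def tlv(tag: int, content: bytes) -> bytes:
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + content

def ldap_message(msg_id: int, op: bytes) -> bytes:
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def search_request(base: bytes) -> bytes:   # base scope, filter (objectClass=*), one attribute
    return tlv(SEARCH_REQUEST, tlv(0x04, base) + tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00")
               + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
               + tlv(0x87, b"objectClass") + tlv(0x30, tlv(0x04, b"certificateRevocationList;binary")))

ANON_BIND = ldap_message(1, tlv(BIND_REQUEST, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")))
PASSWORD_BIND = ldap_message(1, tlv(BIND_REQUEST, tlv(0x02, b"\x03")
                             + tlv(0x04, b"cn=svc,dc=example,dc=com") + tlv(0x80, b"hunter2")))
CRL_SEARCH = ldap_message(2, search_request(b"cn=CRL1,ou=pki,dc=example,dc=com"))
USER_SEARCH = ldap_message(3, search_request(b"ou=people,dc=example,dc=com"))
START_TLS = ldap_message(4, tlv(EXTENDED_REQUEST, tlv(0x80, START_TLS_OID)))

if __name__ == "__main__":
    for name, pdu in [("anonymous bind", ANON_BIND), ("password bind", PASSWORD_BIND),
                      ("CRL search", CRL_SEARCH), ("user search", USER_SEARCH), ("StartTLS", START_TLS)]:
        print(f"{name:15s} -> {decide(pdu)}")
```

On the BIG-IP the same checks would run in Tcl against the collected payload: `TCP::collect` in `CLIENT_ACCEPTED`, inspect the bytes in `CLIENT_DATA`, then `TCP::release` for an allowed PDU or `reject` for a denied one. Two caveats carry over from the model: a client can split a PDU across segments, so the iRule has to keep collecting until the outer SEQUENCE length has arrived, and once a connection has been released the later PDUs on it are no longer inspected, so a client that first does an anonymous bind and then a password bind on the same connection would need the rule to keep collecting rather than release permanently.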



