Forum Discussion

Cirrus

Mar 20, 2024

F5 Irule to segregate the LDAP traffic and PKI traffic

Hello F5 Experts ,

I would need some help in preparing an irule construct for our LDAP VIP.

Currently we have a LDAP VIP on an insecure port 389 . Which means anyone using this could potentially expose credentials in clear text across the network.

The issue we have is that insecure access is required by applications who need to consume the certificate revocation lists, but we need to find a way of blocking access to the port 389 for applications which are trying to connect to the ldap data.

So in this case there is no ability to block access based on source addresses as the same hosts might need to access the pki data, so we are trying to explore what solutions we have . Most probably an irule for content based allow or deny .

Thanks in Advance for your support

application delivery

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 Irule to segregate the LDAP traffic and PKI traffic

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

fellow traffic

Block traffic

Traffic Intelligence in AFM through Categories

Use topology labels to reduce cross-AZ ingress traffic with F5 CIS and EKS

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS