For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

shadow82's avatar
shadow82
Icon for Cirrus rankCirrus
Dec 28, 2022

F5 VIP with path in url?

I've been asked to make a new VIP https://example.com:8443/services How should I apporach this? Do https VIP on port 8443 and ask backend server guys to serve the path part "/services", or...? I'...
application delivery
Mayur_Sutare's avatar
Mayur_Sutare
Icon for MVP rankMVP
Dec 28, 2022

PSFletchTheTek -

Looking at the requirement given, you need to create a VIP and map backend pool to it as mentioned by PSFletchTheTek . Whatever is present on backend_pool_member/services , same will be appear on https://example.com:8443/services i.e. using F5 VIP.

If they want only specific path i.e. /services to be available and rest else should be blocked then it can be manageble on F5 as well as backend app url config. So there's no clarity on it and need to be checked. 

With this, you should be good.

 

 

 

 

 

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Dec 28, 2022

I'd just like to mention that if hardening on backend can't be performed for whatever reason (let's say other servers in your network need to access your node on that same socket with other paths), you can also implement an LTM policy on your BIG-IP to check for /services path in the URL and rejecting any other client request. 

You do need to assign an http profile to the virtual server (as well as the LTM policy of course) to achieve this. If we're talking about HTTPS traffic, you also need to import certificates on the BIG-IP unit and configure + assign a clientSSL (end eventually serverSSL too) profile/s to that same VS.