For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vladimir_Budilo's avatar
Vladimir_Budilo
Icon for Nimbostratus rankNimbostratus
Feb 09, 2010

F5 Webservice Mutual Authentication Functionality

I have created an application that utilizes the F5's webservice to query and manipulate the GTM setup (enabling/disabling a pool-member, etc).     During a security review at my company, a...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 09, 2010
Hi Vladimir,

 

 

One option that may/may not work:

 

 

An LTM VIP can request or require a client cert for the clientside connection. LTM can also provide a client cert for the serverside connection. You can search on AskF5.com for clientssl profile or serverssl profile for details. There are a few solutions on this as well as manual chapters in the LTM config guide. You could use an iRule to select 127.0.0.1:80 as the node (when CLIENT_ACCEPTED { node 127.0.0.1 80}).

 

 

The iRule should work around a limitation of not being allowed to define a pool member on the loopback interface:

 

 

BIGpipe pool member creation error:

 

01020061:3: IP Address 127.0.0.1 is invalid, loopback not allowed.

 

 

Aaron