Force all requests to use Virtual Server

Question

We need to control requests reaching a back end service running on a back end host and make sure that the request came through a valid virtual server on the F5 instead of going around the virtual server, directly to the back end server.

If a SNAT POOL or SNAT LIST is in play, then the source ip address will tell us.

If no source address translation is being done, how would we prove the request came through the right virtual server.

When an 'illegal' request is detected we want to redirect to the right virtual server or drop the request.

Using a custom header field will not help because it can be spoofed.

Is there a metric in the request we can use to identify where it come from and the path it took?

jg · Answer

A very vague situation you are presenting here. What application is it, what protocol is used, and why do  you want to restrict access to via F5?

nath · Answer

What type of F5 deployment did you use on this configuration? Can you share your config file?

david_m · Answer

If you wish to only use the app through the f5 VIP then make sure the clients cannot get to the server subnet at all and only reach the VIP.

Remove the default gateway on the servers and use automap on the f5, that's a way to do i.t

Forum Discussion

Force all requests to use Virtual Server

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Handling HTTP Requests on an HTTPS Virtual Server

iControl REST Cookbook - Virtual Server (ltm virtual)

virtual server config

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS