Forum Discussion

Larry_Wichter's avatar
Icon for Nimbostratus rankNimbostratus
Sep 04, 2019

Force all requests to use Virtual Server

We need to control requests reaching a back end service running on a back end host and make sure that the request came through a valid virtual server on the F5 instead of going around the virtual server, directly to the back end server.


If a SNAT POOL or SNAT LIST is in play, then the source ip address will tell us.


If no source address translation is being done, how would we prove the request came through the right virtual server.


When an 'illegal' request is detected we want to redirect to the right virtual server or drop the request.


Using a custom header field will not help because it can be spoofed.


Is there a metric in the request we can use to identify where it come from and the path it took?



3 Replies

  • JG's avatar
    Icon for Cumulonimbus rankCumulonimbus

    A very vague situation you are presenting here. What application is it, what protocol is used, and why do you want to restrict access to via F5?

  • Nath's avatar
    Icon for Cirrostratus rankCirrostratus

    What type of F5 deployment did you use on this configuration? Can you share your config file?

  • If you wish to only use the app through the f5 VIP then make sure the clients cannot get to the server subnet at all and only reach the VIP.


    Remove the default gateway on the servers and use automap on the f5, that's a way to do i.t