Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Randy_Johnson_L's avatar
Randy_Johnson_L
Icon for Nimbostratus rankNimbostratus
Jul 13, 2017

'HairPinning' on LTM ?

I have a case where I have a Virtual Server provisioned, and accessible from the world at 'https://company.com'.   Now we need other, 'internal' applications to be able to call to 'https://company...
application delivery
LTM
ekaleido_26616's avatar
ekaleido_26616
Icon for Cirrocumulus rankCirrocumulus
Jul 13, 2017

Can you use an iRule to control who can access /urihere? Would seem to be the easiest way, given the information you've provided. There are cleaner ways, but this is a start...

when HTTP_REQUEST {
  if { [HTTP::path] starts_with "/urihere" } {
    switch -glob [IP::client_addr] {
      "10.*" { return }
      "172.12.*" { return }
      "192.168.*" { return }
      default { discard }
    }
  }
}
Randy_Johnson_L's avatar
Randy_Johnson_L
Icon for Nimbostratus rankNimbostratus
Jul 13, 2017

Thaks, ekaleido-- Not quite what I'm going for, as my internal webservers do not seem to be able to even reach 'themselves' through the externally facing VIP / hairpinning. However, these 'internal' webservers are able to ping and traceroute from the internal servers to the external company.com. However, when attempting to connect to https://company.com, I get a 'Connection Reset'.