Forum Discussion
how to limit access to URI:/login-admin in ASM
W
How could i limit access to uri:/login-admin only for admins while other uri are accessable in intrenet for all
1 Reply
How will the ASM know if a user requesting /admin is an admin or not? You need a way to identify the user requesting the page before he gots the response. This can't be done with ASM because for unauthenticated users, there is no information telling whether it is an admin or not.
But you have some workarounds to identify the user, the one I use is to make the admin send a secret http header with a predefined value (e.g. X-Auth-Token:1234567ABCD) and let the F5 checks with a policy or an iRule for the existence of this header whenever the admin url is requested, if it does not exist then request is dropped.
Admin should use a browser extension to push the secret header.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com