farzadkhoddami
Mar 13, 2023

How to limit access to URI:/login-admin in ASM

How could I limit access to the URI /login-admin only for admins while other URIs are accessible on the internet for all?

  • How will the ASM know if a user requesting /admin is an admin or not? You need a way to identify the user requesting the page before he gets the response. This can't be done with ASM because for unauthenticated users, there is no information telling whether it is an admin or not.

    But you have some workarounds to identify the user. The one I use is to make the admin send a secret HTTP header with a predefined value (e.g. X-Auth-Token:1234567ABCD) and let the F5 check with a policy or an iRule for the existence of this header whenever the admin URL is requested; if it does not exist, then the request is dropped.

    Admin should use a browser extension to push the secret header.
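
The header check described in the answer above, written out as an iRule. This is an added example, not code from the original post. The header name comes from the post; the token value is a constructed placeholder, and matching on the decoded, lower-cased path and stripping the header before the pool member sees it are assumptions about what the deployment needs. Because the value is a static shared secret, the virtual server should accept it only over HTTPS.

```tcl
when RULE_INIT {
    # Constructed placeholder: replace with a long random value and rotate it
    # like any other shared secret.
    set static::admin_token  "REPLACE_WITH_LONG_RANDOM_VALUE"
    set static::admin_header "X-Auth-Token"
    set static::admin_path   "/login-admin"
}

when HTTP_REQUEST {
    # Match on the decoded, lower-cased path so that percent-encoded or
    # mixed-case spellings of the admin path get the same check.
    set path [string tolower [URI::decode [HTTP::path]]]

    if { $path starts_with $static::admin_path } {
        # HTTP::header value returns an empty string when the header is
        # absent, so a missing header fails this comparison as well.
        if { [HTTP::header value $static::admin_header] ne $static::admin_token } {
            # Log the denial (never the supplied value) for detection.
            log local0.warning "admin path denied: client=[IP::client_addr] path=[HTTP::path]"
            drop
            return
        }
    }

    # Do not forward the shared secret to the back-end server or its logs.
    HTTP::header remove $static::admin_header
}
```

Repeated denials from one client address in the LTM log are worth alerting on, since they indicate someone probing the admin path without the header.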