Forum Discussion
How will the ASM know if a user requesting /admin is an admin or not? You need a way to identify the user requesting the page before he gots the response. This can't be done with ASM because for unauthenticated users, there is no information telling whether it is an admin or not.
But you have some workarounds to identify the user, the one I use is to make the admin send a secret http header with a predefined value (e.g. X-Auth-Token:1234567ABCD) and let the F5 checks with a policy or an iRule for the existence of this header whenever the admin url is requested, if it does not exist then request is dropped.
Admin should use a browser extension to push the secret header.