Forum Discussion

Nimbostratus

Feb 09, 2011

Interesting puzzle...

Well, at least I'm finding it interesting... We have a test web site that we've exposed to the internet, so that we can test it in conjunction with an external vendor that provides an Akamai...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Feb 10, 2011

Hi Paul,

By default, ASM cannot do anything for access control based on client IP address/subnet. You could use an iRule to perform basic HTTP auth. Or you could use the Access Policy Module (APM) to do this.

Here's an elegant example from George Watkins for doing basic auth in an iRule:

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086387/categoryId/16/HTTP-Basic-Access-Authentication-iRule-Style.aspx

You could modify this to apply the auth requirements for anyone not in a given set of IP addresses/subnets as defined in a address type datagroup.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)