F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mister_paul_717's avatar
mister_paul_717
Icon for Nimbostratus rankNimbostratus
Feb 09, 2011

Interesting puzzle...

Well, at least I'm finding it interesting...     We have a test web site that we've exposed to the internet, so that we can test it in conjunction with an external vendor that provides an Akamai...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 10, 2011
Hi Paul,

 

 

By default, ASM cannot do anything for access control based on client IP address/subnet. You could use an iRule to perform basic HTTP auth. Or you could use the Access Policy Module (APM) to do this.

 

 

Here's an elegant example from George Watkins for doing basic auth in an iRule:

 

 

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086387/categoryId/16/HTTP-Basic-Access-Authentication-iRule-Style.aspx

 

 

You could modify this to apply the auth requirements for anyone not in a given set of IP addresses/subnets as defined in a address type datagroup.

 

 

Aaron