For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

david_20684's avatar
david_20684
Icon for Nimbostratus rankNimbostratus
May 08, 2008

IP address and domain name restrictions in IIS

Has anyone come up with a solution for "IP Address and Domain Name Restrictions" settings in IIS behind an f5?     I would like to restrict access to our web servers running a private appli...
microsoft
partner
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 09, 2008
I think your other post is more relevant (Click here). Using the XFF header value option and not doing any access control on LTM would mean the application would need to enforce the access control based on the requested URI and the XFF header value.

 

 

The XFF header value would contain the source IP address that LTM receives on the client side TCP connection. After posting the note above, I tested and found that you can configure the HTTP profile with X-Forwarded-For for the header to remove. All existing headers with this name are removed. You can enable XFF on the HTTP profile and LTM will insert the original client IP in the X-Forwarded-For header after removing any existing ones.

 

 

Aaron