For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ali_F_101979's avatar
Ali_F_101979
Icon for Nimbostratus rankNimbostratus
Jan 29, 2008

Restrict admin GUI to certain IPs

Using 3400 & 6400 with v9.4.3 HF1, I used the following commands to restrict GUI (webadmin) access to one ip: (example)   b httpd allow 192.168.1.254/255.255.255.255   b save all   bigstart r...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 30, 2008
When you change use b httpd allow IP, it should modify the internal database and the httpd.conf. You can view the configuration using 'b db list'. The key is called service.httpd.allow:

 

 

db service.httpd.allow {

 

"10.11.12.13/32"

 

}

 

 

You should also see the httpd.conf modified:

 

 

 

 

Controls who can get stuff from this server.

 

 

Order Deny,Allow

 

Allow from 127 10.11.12.13/32/32

 

 

 

 

 

 

However, it doesn't look like there is a deny from clause which would actually block access from any other ip/range.

 

 

I would have expected it to look like this:

 

 

 

 

Controls who can get stuff from this server.

 

 

Order Deny,Allow

 

Allow from 127 192.168.99.210/32

 

deny from all

 

 

 

 

 

Anyone else know the story on this?

 

 

Aaron