Restrict traffic for LTM VIP to shared web node to ensure security

Question

Hi,&nbsp;I bit confusing topic maybe but let me explain!&nbsp;The LTM VIP has mutual TLS configured (certificate authentication) and HTTPS.Behind that one we have a web server farm hosting several sites.So if I were to put a website there and use the mutual TLS setup to protect it, there is still ways to get in there by using the same host header and going through other VIPs that doesnt have the protection mentioned.&nbsp;So, is there a design scenario where we still can use a shared web site / node IP to have the mutual TLS configured on the LTM and not exposing our self via other VIPs?&nbsp;The only scenario I can see at the moment is to use a separate IP for this website to bind the webserver to, so it wont let other VIPs passing information beside the mutual TLS VIP.&nbsp;Thanks in advance!Rob

niels_van_sluis · Answer

You could use a profile on the other VIPs to reject traffic for the hostname that belongs to the mutual TLS virtual server. See example below.&nbsp;

mr_rj · Answer

Thank you, that looks like a working solution!

Forum Discussion

Restrict traffic for LTM VIP to shared web node to ensure security

Recent Discussions

did not show checkbox on chrome while access through f5

How do I create a traffic log for two different route domains?

Flip-flop load balancing

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

Why K8s Egress Traffic Policy Control is Critical to Security Architecture- Part 1

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS