For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Aug 23, 2023

Restrict URI basis access when source has no static IP

Hi,

How to restrict URI basis access when source has no static IP ?

Some of the vendor I see do not have static ip , so we will not be able to do URI level restriction for a specific source/company using src IP.

Cert based auth is not feasible as all vendor will not support cert based auth , then need to configure multiple VIP  ( one for which can use cert auth and other for who does not support cert based auth ) , but we do not want to create multiple VIPs. Trying to see if we can fit the solution within a vip.

my scenario is like below

A Company >> f5.com/ur1

B Company >> f5.com/ur2

A will not be able to access ur1 and vice versa.

Based on my scenario which module i should use LTM - irule , APM , ASM  ?

application delivery

3 Replies

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Aug 23, 2023

    Hi Subrun , 

    so you need different way other than source address ip to identify Company A/B... traffic. 

    you can ask them about their range of Ip subnets or address , and them in a data group >>> then match on this Data group to return the correct url response. 


    • f5Subrun's avatar
      f5Subrun
      Icon for Cirrus rankCirrus
      Aug 24, 2023

      as I said some of the company change their ip , so not trying to use src ip as condition. 

      • Mohamed_Ahmed_Kansoh's avatar
        Mohamed_Ahmed_Kansoh
        Icon for MVP rankMVP
        Aug 24, 2023

        Yes I know. 
        I proposed only this Data-group option , as I think there is no other criteria to put it as conditions. 

        Maybe another one in DevCentral give you clue.