Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Aug 23, 2023

Restrict URI basis access when source has no static IP

Hi,

How to restrict URI basis access when source has no static IP ?

Some of the vendor I see do not have static ip , so we will not be able to do URI level restriction for a specific source/company using src IP.

Cert based auth is not feasible as all vendor will not support cert based auth , then need to configure multiple VIP  ( one for which can use cert auth and other for who does not support cert based auth ) , but we do not want to create multiple VIPs. Trying to see if we can fit the solution within a vip.

my scenario is like below

A Company >> f5.com/ur1

B Company >> f5.com/ur2

A will not be able to access ur1 and vice versa.

Based on my scenario which module i should use LTM - irule , APM , ASM  ?

3 Replies

  • Hi Subrun , 

    so you need different way other than source address ip to identify Company A/B... traffic. 

    you can ask them about their range of Ip subnets or address , and them in a data group >>> then match on this Data group to return the correct url response. 


    • f5Subrun's avatar
      f5Subrun
      Icon for Nimbostratus rankNimbostratus

      as I said some of the company change their ip , so not trying to use src ip as condition. 

      • Yes I know. 
        I proposed only this Data-group option , as I think there is no other criteria to put it as conditions. 

        Maybe another one in DevCentral give you clue.