Forum Discussion

Cirrostratus

Dec 20, 2016

Security considerations for APM portal access

Security considerations for APM portal access We are publishing an application through APM with a portal access for the first time. With no ASM in front, are there any security aspects we ...

application delivery

BIG-IP Access Policy Manager (APM)

portal

security

Lucas_Thompson_

Historic F5 Account

Dec 20, 2016

For security in Portal Access, we generally recommend against proxying the internet, so keep it to internal applications using the split settings in the rewrite profile, so that you're only rewriting your domain.

So:

Split, ACLs. Those are probably the two biggest concerns.

Lucas_Thompson_

Historic F5 Account

Dec 22, 2016

Split settings are not relevant to ACLs except that any non-bypass content should be allowed by ACLs.

ACLs control access once the user tries to request content, allow or deny.

Split-settings control what rewrite tells the user about where the content is, either local or remote.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Security considerations for APM portal access

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Need Advice on below issue

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Related Content

Quarterly Security Notification October 2025

Implementing SSL Orchestrator - High Level Considerations

Implementing SSL Orchestrator - Certificate Considerations

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Securing MCP Servers with F5 Distributed Cloud WAF

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS