For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Welsh's avatar
Eric_Welsh
Icon for Nimbostratus rankNimbostratus
Dec 17, 2018

Separate Access Profiles for Different URIs on the Same Domain

Hello DevCentral, long time lurker, first time caller. Let me preface this post with the fact that I am not an F5 wizard, and I am learning a lot of what I am doing as I go (and thanks to the wonderf...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
John_Huttley's avatar
John_Huttley
Icon for Employee rankEmployee
Dec 25, 2018

Hi,

On the all Access policies involved, have you enabled profile scope "Global"?

This setting prevents a malicious user from establishing a session using one virtual server, and then using that same session to access, potentially without further authentication, another virtual server and the resources behind it.

Profile Gives a user access only to resources that are behind the same access profile. This is the default value.

Virtual Server Gives a user access only to resources that are behind the same virtual server.

Global Gives a user access to resources behind any access profile that has global scope

This might be a quick fix by allowing authorisation to be shared, otherwise it will need a fair bit of plotting out and debugging..

John