Token based ACL in header

Question

Is it possible to configure below on LTMs?

Implement token based ACL in header (which web server/LB checks before allowing access to websites). This token needs to be valid for a very short time and should automatically expire after say 7 days, this blocking access to ACC (unless renewed for another testing). The client’s needs to send this secret token in HTTP header to be able to access this website.

Thanks

boneyard · Answer

sure, shouldn't be that hard. BIG-IP can check the header for sure. it can check if the token is allowed in table and once it is used start a timer.

main thing is how to determine which tokens are valid and how the users get them. if you want to automate that things become more tricky, but it probably can be build.

Forum Discussion

Token based ACL in header

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

Demystifying iControl REST Part 6: Token-Based Authentication

JSON Web Token (JWT) Parser

Rate Limiting based on ACCESS TOKEN (OAuth 2.0)

(HTTP) Redirection via Arbitrary Host Header

Python SDK Cookbook: Working with Auth Tokens

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS