how to limit access to URI:/login-admin in ASM

Question

WHow could i limit access to uri:/login-admin only for admins while other uri are accessable in intrenet for all

amine_kadimi · Answer

How will the ASM know if a user requesting /admin is an admin or not? You need a way to identify the user requesting the page before he gots the response. This can't be done with ASM because for unauthenticated users, there is no information telling whether it is an admin or not.
But you have some workarounds to identify the user, the one I use is to make the admin send a secret http header with a predefined value (e.g. X-Auth-Token:1234567ABCD) and let the F5 checks with a policy or an iRule for the existence of this header whenever the admin url is requested, if it does not exist then request is dropped.
Admin should use a browser extension to push the secret header.

Forum Discussion

how to limit access to URI:/login-admin in ASM

1 Reply

Recent Discussions

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

How to limit some snmp mib access

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Rate Limiting based on ACCESS TOKEN (OAuth 2.0)

ASM filtered HTML exceeded limit: event code C190 Filtered Response HTML exceeded max limit

Overview of API Access Control and implementing API key access control with BIG-IP APM