
How to limit access to URI:/login-admin in ASM



How could I limit access to URI:/login-admin only for admins while other URIs are accessible in intrenet for all?


How will the ASM know if a user requesting /admin is an admin or not? You need a way to identify the user requesting the page before he gets the response. This can't be done with ASM because, for unauthenticated users, there is no information telling whether it is an admin or not.

But you have some workarounds to identify the user. The one I use is to make the admin send a secret HTTP header with a predefined value (e.g. X-Auth-Token:1234567ABCD) and let the F5 check, with a policy or an iRule, for the existence of this header whenever the admin URL is requested; if it does not exist, then the request is dropped.

Admin should use a browser extension to push the secret header.
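
The header check described in the answer above, written as an iRule. This is an added example, not code from the original post; the token is a constructed placeholder, and the path decoding, the value comparison, the log line and the header removal are assumptions that go beyond the existence check the answer describes.

```tcl
when RULE_INIT {
    # Values taken from the thread, except the token, which is a constructed
    # placeholder (the post's illustrative value was 1234567ABCD).
    set static::admin_path   "/login-admin"
    set static::admin_header "X-Auth-Token"
    set static::admin_token  "REPLACE_WITH_LONG_RANDOM_VALUE"
}

when HTTP_REQUEST {
    # HTTP::path excludes the query string. Decode and lower-case it so that
    # case variants and percent-encoded characters still match the admin path.
    set path [string tolower [URI::decode [HTTP::path]]]

    if { $path eq $static::admin_path or $path starts_with "${static::admin_path}/" } {
        # Require the header to be present AND to carry the expected value.
        if { !([HTTP::header exists $static::admin_header]) or
             [HTTP::header value $static::admin_header] ne $static::admin_token } {
            log local0.warning "admin path denied: client=[IP::client_addr] path=[HTTP::path]"
            drop
            return
        }
    }

    # Do not forward the shared secret to the pool member, where it could
    # end up in application or access logs.
    HTTP::header remove $static::admin_header
}
```

The token is a static shared secret sent on every admin request, so the rule belongs on a virtual server that terminates TLS; over plain HTTP the header value is readable on the wire.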