Restrict URI basis access when source has no static IP

Subrun · ‎23-Aug-2023

Hi,

How to restrict URI basis access when source has no static IP ?

Some of the vendor I see do not have static ip , so we will not be able to do URI level restriction for a specific source/company using src IP.

Cert based auth is not feasible as all vendor will not support cert based auth , then need to configure multiple VIP ( one for which can use cert auth and other for who does not support cert based auth ) , but we do not want to create multiple VIPs. Trying to see if we can fit the solution within a vip.

my scenario is like below

A Company >> f5.com/ur1

B Company >> f5.com/ur2

A will not be able to access ur1 and vice versa.

Based on my scenario which module i should use LTM - irule , APM , ASM ?

Mohamed_Ahmed_Kansoh · ‎23-Aug-2023

Hi @Subrun ,

so you need different way other than source address ip to identify Company A/B... traffic.

you can ask them about their range of Ip subnets or address , and them in a data group >>> then match on this Data group to return the correct url response.

_______________________
Regards
Mohamed Kansoh

f5Subrun · ‎24-Aug-2023

as I said some of the company change their ip , so not trying to use src ip as condition.

Mohamed_Ahmed_Kansoh · ‎24-Aug-2023

Yes I know.
I proposed only this Data-group option , as I think there is no other criteria to put it as conditions.

Maybe another one in DevCentral give you clue.

_______________________
Regards
Mohamed Kansoh

DevCentral

Restrict URI basis access when source has no static IP

MFA required on DevCentral