Forum Discussion

Nimbostratus

Feb 09, 2011

Interesting puzzle...

Well, at least I'm finding it interesting... We have a test web site that we've exposed to the internet, so that we can test it in conjunction with an external vendor that provides an Akamai...

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Feb 10, 2011

Hi Paul,

By default, ASM cannot do anything for access control based on client IP address/subnet. You could use an iRule to perform basic HTTP auth. Or you could use the Access Policy Module (APM) to do this.

Here's an elegant example from George Watkins for doing basic auth in an iRule:

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086387/categoryId/16/HTTP-Basic-Access-Authentication-iRule-Style.aspx

You could modify this to apply the auth requirements for anyone not in a given set of IP addresses/subnets as defined in a address type datagroup.

Aaron

Forum Discussion

Interesting puzzle...

Recent Discussions

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

Related Content

Interesting Data versus Useful Data

Are iApps interesting?

SWG - Adding the Last Piece to the TMG Replacement Puzzle

[APM] ACL Interest

Interesting Class Behavior