Forum Discussion

david_20684's avatar
david_20684
Icon for Nimbostratus rankNimbostratus
May 08, 2008

IP address and domain name restrictions in IIS

Has anyone come up with a solution for "IP Address and Domain Name Restrictions" settings in IIS behind an f5?

 

 

I would like to restrict access to our web servers running a private application from specific addresses (trusted source), generally you can add these in IIS and control and manage who will be able to access your private application by granting or denying access.

 

 

Thanks
microsoft
partner

12 Replies

Sort By
Show More
  • Geoff_Littlewoo's avatar
    Geoff_Littlewoo
    Icon for Nimbostratus rankNimbostratus
    Sep 09, 2008
    So does your script above put the "real " clients IP address in ?

     

    When you say "You'll need to parse the XFF header value to get the original IP address the BIG-IP received. "

     

    Does the last line of the iRule put the clients IP address in to the header, removing the F5 IP address ?

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 09, 2008
    I think your other post is more relevant (Click here). Using the XFF header value option and not doing any access control on LTM would mean the application would need to enforce the access control based on the requested URI and the XFF header value.

     

     

    The XFF header value would contain the source IP address that LTM receives on the client side TCP connection. After posting the note above, I tested and found that you can configure the HTTP profile with X-Forwarded-For for the header to remove. All existing headers with this name are removed. You can enable XFF on the HTTP profile and LTM will insert the original client IP in the X-Forwarded-For header after removing any existing ones.

     

     

    Aaron