Forum Discussion
Alexander_Stewa
Aug 02, 2007Nimbostratus
My company is a web hosting company which is about to start supporting PHP. While username and password are nice (and configured already), we would prefer to completely disabled access to the BigIP iControl from user PHP scripts (the PHP network isolated on a seperate network interface on the BigIP, so I was hoping I could simply disabled iControl on that interface). We definately won't do 2 since we need config sync for our devices.
Basically I am worried that any user could attempt to brute force crack our BigIP password since you are saying we can't disable iControl. That is disappointing, but I don't know what else to do. I was thinking that a user wouldn't be able to log into the BigIP web interface using a php command line browser (I could be wrong here), so iControl seemed more dangerous, but if we could disable the web interface on certain network interfaces that would have been nice too. (or if there was some kind of option like "Only allow management (iControl, web, ssh, or otherwise) over the management interface," that would work nicely as well).