API architecture vulnerability

My web dev team is bringing up concerns about the openness of our API architecture from a security perspective. I am struggling with the spend and effort associated with implementing an API Manager. The concern is that when we go live with our e-commerce platform we will have 150 APIs that are open. To control those we will need to leverage iRules on the F5.

Does anyone have a position on how high our risk exposure is and if using the F5 is a feasible approach to API protection at this state?

Comment made 24-Aug-2016 by ekaleido 726

How do you want to limit access to these APIs? By IP? Usernames? More details and we can provide a better answer.

Comment made 24-Aug-2016 by jerm1020 156

Probably by IPs but both options are on the table.

Comment made 24-Aug-2016 by Vijay 4944

IP based protection is easier. You can just block access to https.

Comment made 24-Aug-2016 by ekaleido 726

IP based can be done either by specifying a source in the VIP or by applying a relatively simple iRule that references an IP datagroup. Usernames wouldn't really protect you, the more I think about it, and there are lots of iRule examples for creating "IP whitelists."
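
The data-group approach described in the last comment, sketched as an iRule. This is an added example, not code posted by anyone in the thread; the data group name `api_allowed_clients` (an address-type data group) and the `/api/` path prefix are assumptions to replace with your own values.

```tcl
# Added example. Assumptions: an address-type data group named
# api_allowed_clients exists on the BIG-IP, and the APIs to protect
# are published under the /api/ path prefix on this virtual server.

when CLIENT_ACCEPTED {
    # Check the source address once per connection. For address-type
    # data groups, "equals" also matches hosts inside a listed subnet.
    set api_client_ok [class match [IP::client_addr] equals api_allowed_clients]
}

when HTTP_REQUEST {
    # Gate only the API paths; the rest of the site is left untouched.
    if { [string tolower [HTTP::path]] starts_with "/api/" } {
        if { !$api_client_ok } {
            # Record the denial so blocked callers show up in the logs.
            log local0.warning "API deny: [IP::client_addr] [HTTP::method] [HTTP::path]"
            HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
            return
        }
    }
}
```

The check runs against the address the BIG-IP sees on the connection, so if clients arrive through a NAT gateway, CDN or other proxy, the data group has to list that upstream address and every client behind it is treated the same.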


