Forum Discussion

Lior_54855's avatar
Lior_54855
Icon for Nimbostratus rankNimbostratus
Dec 03, 2014

Restrict Post/Put methods

Hi,

 

I want to give my development team restricted access to the F5 with REST API. I need to give them only restricted access so they can monitor the status of the pool members. How can I restrict them to a specific HTTP method, for example only GET?

 

Thanks in advance, Lior Franko,

 

APM
application delivery
devops
iControl
iControlREST
LTM
security
TMSH

6 Replies

Sort By
  • Lior_54855's avatar
    Lior_54855
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2014

    Hi,

     

    Thank you for this link. I know how to do it with ASM or with iRule, but the REST API works on the MGMT interface. Is there a way I can create virtual server and send the REST API requests through this virtual server?

     

    • R_Marc's avatar
      R_Marc
      Icon for Nimbostratus rankNimbostratus
      Dec 03, 2014
      Sorry, misunderstood your question...I believe that access is handled via an apache instance. You could perhaps modify the /etc/http/http.conf and add in some rewrite rules to block the unwanted methods. That might persist reboots, but would not likely persist upgrades. They don't appear to have included the allowed methods module. However, you would be limiting the capability of the REST API to Read Only, unless you wrote a complicated rule to allow some IP's users to PUT/POST.
  • Lior_54855's avatar
    Lior_54855
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2014

    Yea that's what I thought so. I'm guessing F5 will add restricted users sometime, it's mandatory. If anyone else know how to do it without modifying the /etc/http/http.conf I'll loved to know.

     

    Thank you for the help.

     

    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Dec 03, 2014
      you should open an f5 support case to request the feature