Access Control Based On request

Question

Hello All, 
&nbsp;  
&nbsp; i tried draw the ropology,  i will configure F5 in bridge mode in this topolog; 
&nbsp;         Gprs Router 
&nbsp;      | 
&nbsp;          |        | 
&nbsp;       |             | 
&nbsp;     |           | 
&nbsp;   LTM 6800 --------  Ltm 6800 
&nbsp;     || 
&nbsp;     || 
&nbsp;     || 
&nbsp;     || 
&nbsp;  Cisco Switch----- Cisco switch    
&nbsp;     || 
&nbsp;     || 
&nbsp;     || 
&nbsp;     || 
&nbsp; Firewall 1   Firewall 2 
&nbsp;  
&nbsp; Clients will come from behind firewalls and They will pass over F5 units then if F5 see HTTP request he trigger the irule then; 
&nbsp;  
&nbsp; when HTTP_REQUEST {   
&nbsp;      
&nbsp;     if { ( [matchclass [HTTP::uri] equals $::blockeddb] )  }   
&nbsp;     {   
&nbsp;        discard      
&nbsp;  }   
&nbsp;      
&nbsp;   }   
&nbsp;  
&nbsp; blockeddb samples (www.xx.com, www.xx.com/xxx) 
&nbsp;  
&nbsp; question ; 
&nbsp; 1- Do you suggest this topology with this irule  
&nbsp; 2- how many records can be in data group  class 
&nbsp; 3- if i want do add some records in class how can i do this automaticly? 
&nbsp; 4- What do you think about cpu usage, do you suggest biggest model? we have 300-400 mbits traffic in this section and i can position bigger model? 
&nbsp;  
&nbsp; regards 
&nbsp;  
&nbsp; Zafer 
&nbsp;

colin_walker_12 · Answer

I think that using a class would work just fine.  A class can hold up to several thousand records, depending on the size of each record.  If you're looking to automatically add entries to the class, you'd do that via iControl.  And as far as usage of the systems, I really couldn't say, you'd have to talk to a sales person for sizing suggestions. 
&nbsp;  
&nbsp; Colin

zafer · Answer

&nbsp; i need to know irule site. if i add 20.000 records on data group what will be cpu usage? 
&nbsp;  
&nbsp; regards 
&nbsp;  
&nbsp; zafer

hooleylist · Answer

I don't think anyone's going to be able to give you definitive resource usage rates based on your specific configuration.  If you're able to test on a dev unit, you'll be able to get the most accurate metrics. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Access Control Based On request

3 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Distributed caching of authentication requests with NGINX Ingress Controller

API Security: How to implement API Access Control with F5

Overview of API Access Control and implementing API key access control with BIG-IP APM

JWT authorization with NGINX Ingress Controller

Advanced API Access Control with BIG-IP APM – Part I