Larry_Wichter
Sep 04, 2019

Force all requests to use Virtual Server

We need to control requests reaching a back end service running on a back end host and make sure that the request came through a valid virtual server on the F5 instead of going around the virtual server, directly to the back end server.

 

If a SNAT POOL or SNAT LIST is in play, then the source IP address will tell us.

 

If no source address translation is being done, how would we prove the request came through the right virtual server?

 

When an 'illegal' request is detected we want to redirect to the right virtual server or drop the request.

 

Using a custom header field will not help because it can be spoofed.

 

Is there a metric in the request we can use to identify where it came from and the path it took?

 

 

3 Replies

  • JG

    A very vague situation you are presenting here. What application is it, what protocol is used, and why do you want to restrict access to via F5?

  • Nath

    What type of F5 deployment did you use on this configuration? Can you share your config file?

  • If you wish to only use the app through the f5 VIP then make sure the clients cannot get to the server subnet at all and only reach the VIP.

     

    Remove the default gateway on the servers and use automap on the f5, that's a way to do it.
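
An added example, not part of the original thread and not F5 code: a backend-side WSGI check for the SNAT case discussed above, which accepts a request only when the TCP peer address is one of the F5's SNAT or automap addresses and otherwise redirects to the virtual server or drops it. The addresses, the VIP URL and the names `RequireF5Source`, `backend` and `simulate` are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
F5_SOURCE_NETS = ["192.0.2.10/32", "192.0.2.11/32"]  # SNAT pool or automap self IPs
VIP_URL = "https://app.example.com"                   # hypothetical virtual server


class RequireF5Source:
    """Pass requests whose TCP peer is an F5 SNAT address; redirect or drop the rest."""

    def __init__(self, app, allowed_nets, vip_url=None):
        self.app = app
        self.allowed = [ipaddress.ip_network(n) for n in allowed_nets]
        self.vip_url = vip_url  # None: answer 403 instead of redirecting

    def came_via_f5(self, environ):
        # REMOTE_ADDR is the socket peer reported by the WSGI server. It is not
        # read from X-Forwarded-For or any custom header, which a client can forge.
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        return any(peer in net for net in self.allowed)

    def __call__(self, environ, start_response):
        if self.came_via_f5(environ):
            return self.app(environ, start_response)
        if self.vip_url:
            target = self.vip_url + environ.get("PATH_INFO", "/")
            start_response("307 Temporary Redirect", [("Location", target)])
        else:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b""]


def backend(environ, start_response):
    """Stand-in for the protected application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def simulate(mw, remote_addr, path="/", extra=None):
    """Send one constructed request through the middleware; return (status, headers)."""
    seen = {}
    environ = {"REMOTE_ADDR": remote_addr, "PATH_INFO": path, **(extra or {})}
    mw(environ, lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return seen["status"], seen["headers"]
```

This only works when the F5 translates the source address, and `REMOTE_ADDR` must be the real socket peer: if a local reverse proxy sits between the F5 and the application, the check belongs on that proxy or in a host firewall instead.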