One VIP, several websites

andimorrisandimorris Member
Hi all,

apologies for cross posting. I think this might get more luck in the AFlex forum rather than the General forum.

can somebody please advise me on the best approaches for the following two scenarios? I can’t figure out whether aflex, http filters, WAF, or a combination of the three are the way to go.

Scenario 1:
One VIP reverse proxying one web server. This web server has several different websites with differing URLS (e.g website1.domain.com, website2.domain.com), using a mixture of http and https. If possible I’d like the A10 to only allow access to specific URLS.

Scenario 2:
One VIP reverse proxying one web server. The web server has several different websites with differing paths (e.g. website.domain.com/path1 website.domain.com/path2). All of which are https through to the server. Again I’d like A10 to restrict the paths available.

Any advice would be appreciated.

Comments

  • diederikdiederik Member
    edited May 2017
    For Scenario 1, how exactly do you want to limit access?

    You can use an HTTP template and use host switching, don't set a default servicegroup in the config and based on the "host header" only the hostnames specified in your host switching config will be allowed.

    On the HTTPS side, this template will also get applied, but only after the SSL session is established. If you want to block "SSL" connections to hostnames that you do not host or specific ones you want to block, you need to use SNI hooks in aFlex.

    For scenario 2, if you just want to filter paths, and the hostname is the same, you can use "Application Switching"... similar to "Host Switching" also in the HTTP Template.
    You can't use host and app switching together in the same template.
    For host and app switching together I would use aFlex... switch on Host followed by a switch on URI.
  • edited June 2017
    You can do it also with AFLEX and class list.
Sign In or Register to comment.