One VIP, several websites

Community Forum Forums Thunder and AX Series aFleX One VIP, several websites

This topic contains 2 replies, has 3 voices, and was last updated by avatar luca.dm 1 year, 11 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #11852
    avatar
    andimorris
    Member

    Hi all,

    apologies for cross posting. I think this might get more luck in the AFlex forum rather than the General forum.

    can somebody please advise me on the best approaches for the following two scenarios? I can’t figure out whether aflex, http filters, WAF, or a combination of the three are the way to go.

    Scenario 1:
    One VIP reverse proxying one web server. This web server has several different websites with differing URLS (e.g website1.domain.com, website2.domain.com), using a mixture of http and https. If possible I’d like the A10 to only allow access to specific URLS.

    Scenario 2:
    One VIP reverse proxying one web server. The web server has several different websites with differing paths (e.g. website.domain.com/path1 website.domain.com/path2). All of which are https through to the server. Again I’d like A10 to restrict the paths available.

    Any advice would be appreciated.

    #11922
    avatar
    diederik
    Member

    For Scenario 1, how exactly do you want to limit access?

    You can use an HTTP template and use host switching, don’t set a default servicegroup in the config and based on the “host header” only the hostnames specified in your host switching config will be allowed.

    On the HTTPS side, this template will also get applied, but only after the SSL session is established. If you want to block “SSL” connections to hostnames that you do not host or specific ones you want to block, you need to use SNI hooks in aFlex.

    For scenario 2, if you just want to filter paths, and the hostname is the same, you can use “Application Switching”… similar to “Host Switching” also in the HTTP Template.
    You can’t use host and app switching together in the same template.
    For host and app switching together I would use aFlex… switch on Host followed by a switch on URI.

    #12152
    avatar
    luca.dm
    Member

    You can do it also with AFLEX and class list.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Comments are closed.