Application Delivery (ADX)

Reply
Contributor
Posts: 49
Registered: ‎04-24-2009

How do I Deny unauthorized users based on URL without affecting authorized users.

Hi

I have a request from application group (SugarCRM environment) and They want to restrict access to /admin URL path to specific IP clients. I believe I can leverage my ServerIron ADX to achieve this but I need some guidance

Any ideas

N/A
Posts: 1
Registered: ‎12-11-2009

Re: How do I Deny unauthorized users based on URL without affecting authorized users.

Hello Mark,

This is definitely possible using CSW Policies and ACLs. Here is a simple example of how.

Define your CSW-Policy based on the parameters you want to watch for. In this example we’ll use the folder “admin”

csw-rule r1 url prefix “/admin”

Next you set the actions for your policy to redirect all traffic to this section of the site to a different port. In this case we’ll be using port 8080

csw-policy p1 match r1 redirect www.site.com/admin 8080

Make sure you bind your ports to the Real Server and VIP servicing the real. Also, be sure to apply your csw-policy to the VIP.

server real rs1 10.10.10.1

port http

port 8080

port http keepalive

port 8080 keepalive

server virtual vip1 72.11.42.38

port http

port 8080

port http csw-policy p1

bind http rs1 http

bind 8080 rs1 8080

The final step is to setup an ACL to set the permission you want for this specific folder. In our example we’re putting a very basic ACL to deny all traffic that doesn’t come from 10.10.10.2

access-list 103 permit tcp 10.10.10.2 8080

access-list 103 deny all all

Summary: This is only a small example of the types of permissions and setting you can put into place using csw redirects and ACLs

I hope this helps.

Contributor
Posts: 49
Registered: ‎04-24-2009

Re: How do I Deny unauthorized users based on URL without affecting authorized users.

Perfect, it works like a charm. Thanks

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.