Insert auth pool request transparently between every call to an application pool.

Nimbostratus

Feb 12, 2014

Sure. Thanks.

re 1 The auth servers are nginx proxy that inserts headers that are consumed by the application. Once the headers are inserted it forwards to the original url, this hitting the snat from the inside interface. In it's current form, the irule sees the client ip as that of the auth server and then passes the request to the application server.

re 2 Yes.

re 3 I think I answer that in 1. Let me add that the original design by the devs had the auth servers load balancing the app servers themselves. Basically ruby/nginx devs doing their thing. The problem was that every auth proxy had to be application aware. We started working on this solution so that we could have a large pool of identical auth servers serving many different applications and that auth servers are application agnostic.

I think what I am really looking for or trying to confirm is that the request has been through the auth pool before being routed to the application. Headers can be spoofed, so this clientIP lookup seemed OK. I am not sure how expensive it is from a performance perspective though.

Thank you for you looking. Much appreciated.

Forum Discussion

Insert auth pool request transparently between every call to an application pool.

Recent Discussions

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

Application Programming Interface (API) Authentication types simplified

Enhance your Application Security using Client-side signals