MR_RJ
Jun 13, 2019

Restrict traffic for LTM VIP to shared web node to ensure security

Hi,

A bit of a confusing topic maybe, but let me explain!

The LTM VIP has mutual TLS configured (certificate authentication) and HTTPS.

Behind that one we have a web server farm hosting several sites.

So if I were to put a website there and use the mutual TLS setup to protect it, there are still ways to get in there by using the same host header and going through other VIPs that don't have the protection mentioned.

So, is there a design scenario where we can still use a shared web site / node IP to have the mutual TLS configured on the LTM without exposing ourselves via other VIPs?

The only scenario I can see at the moment is to use a separate IP for this website to bind the web server to, so it won't let other VIPs pass information besides the mutual TLS VIP.

Thanks in advance!

Rob
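
The exposure described in the post, as an added example that is not part of the original post: a Python audit that flags every mTLS-protected site whose backend binding is also a pool member of a VIP that does not require client certificates. The inventory format, VIP names, hostnames and addresses are all constructed for illustration and do not come from any F5 export.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vip:
    name: str
    requires_client_cert: bool  # True when the VIP enforces mutual TLS
    pool_members: frozenset     # backend "ip:port" nodes it forwards to

@dataclass(frozen=True)
class Site:
    host: str                   # Host header the web server routes on
    bindings: frozenset         # "ip:port" addresses the site listens on
    needs_mtls: bool

def find_bypass_paths(vips, sites):
    """Return (host, vip, node) for each path that reaches an mTLS-protected
    site through a VIP that does not enforce client certificates."""
    findings = []
    for site in (s for s in sites if s.needs_mtls):
        for vip in (v for v in vips if not v.requires_client_cert):
            # A shared node means a request with this Host header sent to
            # the unprotected VIP is served by the protected site.
            for node in vip.pool_members & site.bindings:
                findings.append((site.host, vip.name, node))
    return sorted(findings)

# Constructed inventory 1: every site bound to the same shared node IP.
SHARED_NODE = frozenset({"10.0.0.10:443"})
SHARED_VIPS = [
    Vip("vs_mtls", True, SHARED_NODE),
    Vip("vs_public", False, SHARED_NODE),
]
SHARED_SITES = [
    Site("secure.example.com", SHARED_NODE, True),
    Site("www.example.com", SHARED_NODE, False),
]

# Constructed inventory 2: the protected site bound to its own IP, which
# only the mutual TLS VIP has as a pool member.
DEDICATED_NODE = frozenset({"10.0.0.11:443"})
DEDICATED_VIPS = [
    Vip("vs_mtls", True, DEDICATED_NODE),
    Vip("vs_public", False, SHARED_NODE),
]
DEDICATED_SITES = [
    Site("secure.example.com", DEDICATED_NODE, True),
    Site("www.example.com", SHARED_NODE, False),
]

if __name__ == "__main__":
    print("shared node:   ", find_bypass_paths(SHARED_VIPS, SHARED_SITES))
    print("dedicated node:", find_bypass_paths(DEDICATED_VIPS, DEDICATED_SITES))
```

The check only covers pool membership; it assumes the web server really restricts the protected site to the listed bindings and that nodes are not reachable except through the VIPs.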