From: Joao Gouveia (tharbad@kaotik.org)
Date: Wed Aug 27 2003 - 07:00:37 EDT
Hi,
On Wed, 2003-08-27 at 02:55, pen test wrote:
> Recently I started a pen test of a network and the company is using a
F5
> BigIP for load balancing and ssl acceleration. I looked and looked
and
> could not find any information to answer a few questions. Any help
would be
> great.
>
> Does the BigIp handle all requests and stay between the client and
server or
> does it just simply redirect to the server?
BigIp acts as a load balancer, it may or may not have specific rules
that decide where the client requests are to be delivered. For example,
you can have some "/images" URI being passed to a pool of image servers,
and a "/cgi" URI passed to a pool of application servers. As such, you
can also have rules that send requests like "/vulnerable.cgi" redirected
to /dev/null.
BigIp is very flexible in this kind of configurations.
> Bascially what I am getting at is if the the BigIp is between the
client and
> application server
>
> client ---ssl--- bigip ---http--- application server
You're probably talking with BigIp's ssl-proxy.
> is the the application server safe from attacks that may affect it as
the
> bigip will actually be on the one that is attacked?
I would say that most likely they have a virtual address which is
handled by BigIp, and passed to specific pools of servers based on
destination ports, rules, etc..
It should be safe, for example, from attacks to a port that is not
mapped on the virtual server ( the attacker would be talking with the
BigIp, not the app server ), but not from attacks directed to the mapped
ports ( probably port 80 ).
Unless they've used the (powerfull) filtering features on BigIp,
requests that are sent to the web servers pool should pass mostly
transparently.
Regards,
Joao Gouveia
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT