Why encrypt with SSL/TLS in the first place? This is like asking why use car seats. It might be obvious now but just a few decades ago, it wasn’t uncommon for a group of unbuckled kids to be piled in the back of a car or truck (this would be a nightmare for parents today). All right, back to HTTPS which is a secure version of HTTP, also known as HTTP over SSL, HTTP over TLS, or HTTP Secure. A TLS/SSL certificate is like online identification card and is required to secure and encrypt all HTTPS transactions. Now let’s look at three examples how Avi makes your applications more secure.
Why do we need three ways? The answer is easy: Goldilocks Principle! It’s different for everyone of us. So go for options that meet your needs.
- The simplest but least flexible: HTTP profile->Security->check “HTTP-to-HTTPS redirect”. Done!
- A few more clicks but also a few more options: Policies->HTTP Request->select “Status Code”. Happy?
- The most flexible, though you need a touch of scripting: DataScripts->Create DataScript. Check out the DataScript examples on avinetworks.com/docs Have fun!
Limit the number of HTTP requests is a common task. Why? In case you are under a malicious bot attack for example, you can cap the damage by throttling access. With Avi, you simply select the Application Profile and you will find under DDoS, you can add Rate Limit based on jsessionid and set the action taken once the limit is hit.
For whatever reason, you can block access for a range of IP addresses using policies. You can first set up a list called “Blacklist” using Templates->Groups->IP Groups. Next, apply the policy to your application (i.e. virtual service) by adding an HTTP Security Rule. The same process can be applied to “Whitelist”, “Redlist”, and so on.
I am not over-simplifying the above tasks. With Avi, it’s really that point-and-click simple. Why shouldn't it be? If you are stuck with a complex solution like F5 iRules as the only option, find out how you can make your life easier.
Check out these webinars to learn more about iRules and SSL: