
We have a web farm with an F5 load balancer on Windows 2012 R2. Previously it was configured so that a single URL redirected users to a specific machine in the load-balanced farm.

For example:

 http://ServerURL.Farm.com 

Navigating directly to a specific machine in the farm was disallowed. The following URLs did not work...

 http://ServerURL1.Farm.com
 http://ServerURL2.Farm.com
 http://ServerURL3.Farm.com
 http://ServerURL4.Farm.com

This made troubleshooting problems with specific machines problematic. We were editing host files to do so. Does disallowing these serve some kind of security benefit (or any other kind of benefit)?

Recently things were changed so that we could use the load balancer URL or bypass the load balancer to access a specific machine. But since I don't see the great benefit in censoring the direct access to specific machines, I'm not 100% sure if it was in our best interests to make these specific machines available. What am I missing?

1 Answer

If the individual server names ever leak to users, they might bookmark that and use it forever. This causes grief when that host is under maintenance or replaced.

If the load balancer provides security features like terminating TLS or does some sort of application security, you may not want users to be able to bypass it.

It probably is capable of rules for troubleshooting. Perhaps force your client's IP or subnet to a given server for testing.

On the same subnet, sure, use an individual server's private address to hit it directly. There likely will be a need to try bypassing the load balancer entirely.
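As an added example (not part of the original answer or any F5-supplied configuration), this is one way the "rules for troubleshooting" idea could look as an F5 iRule: clients in an admin subnet can pin a request to one farm member, while everyone else is balanced normally and traffic still passes through the load balancer's TLS termination and security features. The pool name `farm_pool`, the subnet, the member addresses and the `X-Debug-Member` header are all assumptions made up for illustration.

```tcl
# Added example: F5 iRule (Tcl). Every name and address below is constructed.
#   farm_pool        - hypothetical pool holding the four farm members
#   10.20.30.0/24    - hypothetical admin/troubleshooting subnet
#   X-Debug-Member   - hypothetical request header a tester sets to 1..4
when HTTP_REQUEST {
    # Read the selector, then always strip it so the back end never sees
    # it and outside clients gain nothing by sending it.
    set target [HTTP::header value "X-Debug-Member"]
    HTTP::header remove "X-Debug-Member"

    # Only the troubleshooting subnet may pin a request to one member.
    if { [IP::addr [IP::client_addr] equals 10.20.30.0/24] } {
        switch -- $target {
            "1" { set member 192.0.2.11 }
            "2" { set member 192.0.2.12 }
            "3" { set member 192.0.2.13 }
            "4" { set member 192.0.2.14 }
            default { set member "" }
        }
        if { $member ne "" } {
            # Leave an audit trail of who pinned which server.
            log local0. "debug pin: [IP::client_addr] -> $member"
            # Ignore any existing persistence record for this request.
            persist none
            pool farm_pool member $member 80
            return
        }
    }

    # Everyone else, and testers who sent no selector: normal balancing.
    pool farm_pool
}
```

With a rule like this attached to the virtual server, a tester in the admin subnet reaches a chosen machine through the normal farm URL, so the per-server hostnames do not need to be resolvable by users.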
