This provides a rough framework to follow when implementing web server filters.
Here are some guidelines to follow when creating web server filters.
- Always let your span/tap/aggregator do the filtering if possible. This will reduce the load on the TIM.
- An important step is determining where the TIM is placed and which IP Addresses are visible to the customer:
- If the TIM is before the firewall/load balancer and If a firewall/load balancer is in front of a web server, then use the IP address of the firewall(s)/load balancer(s).
- If the TIM is after the firewall/load balancer or there is no firewall/load balancer, then use the web server(s) IP address(es).
- Keep a snapshot of the web server filter current settings
- To minimize traffic, make multiple filters of the same IP addresses to limit web server traffic to specific ports rather than setting to Port 0 (all traffic) in one filter.
- Use the IP address that the customer sees from their web browser which is typically the virtual rather than the physical IP address.