Forum Discussion

kridsana's avatar
Icon for Cirrocumulus rankCirrocumulus
Sep 09, 2022

Block direct IP access from internet


We have multi-domain (ie.,, etc) which is in one Virtual server. (*

Can we block direct ip access from internet?
we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip.

Can I use this irule?
switch -glob [HTTP::header "Host"] {
"*" { Allow }
else { reject }

2 Replies

  • Hello, iRule syntax needs some fixes, switch instruction with glob-style matching does not support wildcards nor else statements

    Try this instead, it's simplified


    when HTTP_REQUEST {
     if { not ([string tolower [HTTP::host]] ends_with "")}{ reject }



  • First of all there is a simple rule: Use LTM Policy instead of iRule wherever its possible. Small benefit of this is less cpu and easier understanding. Simple create a LTM Policy with rules like

    "if hostname forward to pool 123" 

    "if hostname AND tcp address matches forward to pool 456" 

    Do this with every hostname, apply this policy to your virtual server.