Block direct IP access from internet

Question

HiWe have multi-domain (ie. a1.test.com, a2.test.com, etc) which is in one Virtual server. (*.test.com)Can we block direct ip access from internet?we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip.Can I use this irule?when HTTP_REQUEST {switch -glob [HTTP::header "Host"] {"*.test.com"&nbsp;{ Allow&nbsp;}else { reject }}

ca_valli · Answer

Hello, iRule syntax needs some fixes, switch instruction with glob-style matching does not support wildcards nor else statementsTry this instead, it's simplified&nbsp;when HTTP_REQUEST {
 if { not ([string tolower [HTTP::host]] ends_with ".test.com")}{ reject }
}&nbsp;&nbsp;

p_kueppers · Answer

First of all there is a simple rule: Use LTM Policy instead of iRule wherever its possible. Small benefit of this is less cpu and easier understanding. Simple create a LTM Policy with rules like

"if hostname xyz.com forward to pool 123"

"if hostname abc.com AND tcp address matches 1.2.3.4 forward to pool 456"

Do this with every hostname, apply this policy to your virtual server.

Forum Discussion

Block direct IP access from internet

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Unbreaking the Internet and Converting Protocols

F5 APM VPN Choking Internet Bandwidth

Direct Access on Windows 2012 R2: Manage Out with a Hardware Load Balancer

check may fail to detect Kaspersky Internet Security Anti-Virus

F5's Access Policy Manager the Access Proxy for Zero Trust Architectures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS