For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ottleydamian's avatar
ottleydamian
Icon for Cirrus rankCirrus
Sep 03, 2019

Block request based on domains

In migrating from Microsoft TMG to F5 I noticed that the TMG allowed/blocked users based on domains and not IP addresses. This is specific for MS Exchange EWS service. I don't have a test F5 device. ...
application delivery
iRules
LTM
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Sep 03, 2019

Hi ottleydamian,

Line 2 is not valid. You can create a data-group and use it in iRule.

Data-group:

ltm data-group internal domain_list {
    records {
        abc.domain.com { }
        xyz.mydomain.com { }
        qwerty.mydomain.com { }
    }
    type string
}

iRule:

when HTTP_REQUEST {
	if { not ([class match [string tolower [HTTP::host]] equals domain_list]) } {
		log local0. "Rejected domain [HTTP::host]"
		reject
		
		# or
		# HTTP::respond 404 noserver content "<html>...</html>"
	}
}

The system applies iRules in the order in which it appears in list. You can use "priority" command.

REF: https://clouddocs.f5.com/api/irules/priority.html