Blocking access to ASM Vservers with IP in the host header.

Question

Hi I am new to ASM and come from a Citrix WAF background, I am trying to find out the best way to block traffic going to the ASM with an IP in host entry. I know you can use an irule to drop the traffic but is this the most effective way or is there something inbuilt which would use less resource?

youssef1 · Answer

Hello,&nbsp;
Just for blocking an IP in effective way, you can use packet filter.&nbsp;
Packet filters enhance network security by specifying whether a BIG-IP system interface should accept or reject certain packets based on criteria that you specify. Packet filters enforce an access policy on incoming traffic. They apply to incoming traffic only.&nbsp;
You can find more information here: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-12-1-0/26.html&nbsp;
https://devcentral.f5.com/wiki/AdvDesignConfig.PacketFiltering.ashx&nbsp;
Regards&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Blocking access to ASM Vservers with IP in the host header.

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

python f5-vserver-tool

Strict header Insertion

F5 XC Distributed Cloud HTTP Header/Cookie manipulations and using the client ip/user headers

(HTTP) Redirection via Arbitrary Host Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS