Blocking access to ASM Vservers with IP in the host header.

Question

Hi I am new to ASM and come from a Citrix WAF background, I am trying to find out the best way to block traffic going to the ASM with an IP in host entry. I know you can use an irule to drop the traffic but is this the most effective way or is there something inbuilt which would use less resource?

youssef1 · Answer

Hello,&nbsp;
Just for blocking an IP in effective way, you can use packet filter.&nbsp;
Packet filters enhance network security by specifying whether a BIG-IP system interface should accept or reject certain packets based on criteria that you specify. Packet filters enforce an access policy on incoming traffic. They apply to incoming traffic only.&nbsp;
You can find more information here: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-12-1-0/26.html&nbsp;
https://devcentral.f5.com/wiki/AdvDesignConfig.PacketFiltering.ashx&nbsp;
Regards&nbsp;

Forum Discussion

Blocking access to ASM Vservers with IP in the host header.

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

(HTTP) Redirection via Arbitrary Host Header

python f5-vserver-tool

Block IP after a number of ASM Blocks

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

Big-IP Reporting? Vserver traffic stats, etc.?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS