Forum Discussion
ronniep_79067
Nimbostratus
Nimbostratusblocking or dropping particular dns requests
I have a request to see if there is a way that we can block or deny requests to www.example.com. but allow example.com. The request is to actually block anything but example.com.
I am having a hard time finding anything along these lines.
Is this possible?
Thank you in advance!
- JRahm
Admin
Sure.when HTTP_REQUEST { if { not([string tolower [HTTP::host]] eq [domain [string tolower [HTTP::host]] 2]) } { discard } } 
hoolioCirrostratus
Citizen's example would check if the requested host is two dotted fields (example.com or co.uk). You could also explicitly check for a requested host of example.com and reject anything else:when HTTP_REQUEST { Check if requested host (set to lower case) is example.com if {[string tolower [HTTP::host]] eq "example.com"}{ Send an HTTP response HTTP::respond 403 Reset the TCP connection reject } }
Aaron
ronniep_79067Aaron,
I assumed that I would add a default pool to my VIP and assign this irule, but I can still get to it by name and IP.- ronniep_79067when HTTP_REQUEST {
if { not ([HTTP::host] equals “www.foo.com”)} {
drop
}
}
this iRule checks the host header and drops the request if hostname is not www.foo.com
you can also log, send http redirect, or do anything you want when the hostname is not matching www.foo.com
in case of not well known port number for http:
when HTTP_REQUEST {
if { not ([getfield [HTTP::host] : 1] equals “www.foo.com”)} {
drop
}
}
This iRule returns the hostname without the port number used in request. - ronniep_79067I cannot get any of these to work for some reason. There has to be something dumb that I am missing.
- ronniep_79067I would assume that since the irules do not contail anything regarding a pool that I would need to assign one?
I am sorry, but I am definitely a noob with irules.
