For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NGX_IT_134965's avatar
NGX_IT_134965
Icon for Nimbostratus rankNimbostratus
Nov 26, 2018

Do not allow IP through https

Hello,   I am inquiring on how to do the following:   Do not allow IP access through HTTPS   Example: https://33.33.33.33 < - Don't allow this https://dns.name.com < - Allow this only   ...
BIG-IP
devops
https
Emad_26973's avatar
Emad_26973
Icon for Cirrus rankCirrus
Nov 27, 2018

Another Approach will be to add all virtual server IPs in a data group and write a generic irule to deny request, you can either reject or send HTML having access denied message e.g

ltm rule fqdn_access {
    when HTTP_REQUEST {
        if {[class match [HTTP::host] equals VIP_IPs] }{
                HTTP::respond 200 content {
                
                    
                        Access Denied
             
            
                    We are sorry. Use FQDN to access.
            
            
                    }
            } 
    }
    }
    DataGroup
    ltm data-group internal VIP_IPs {
    records {
    33.33.33.33 { }
    33.33.33.34 { }
}
type string
}
NGX_IT_134965's avatar
NGX_IT_134965
Icon for Nimbostratus rankNimbostratus
Nov 28, 2018

Thank you very much everyone, the first one worked great for me :).