Forum Discussion
how to deny ip visit application
Hello: I want to use ltm deny ip visit v_ip, only permit domain name. How to realize?
Hello yuanqiang,
Can you clarify your idea?
Maybe you want to filter the source IP addresses from which the virtual server accepts traffic.
Regards,
Preslav
- eben
Nimbostratus
Hi yuanqiang,
If I get your question right, you don't want VS to be accessed using IP address, only the use of domain name for the VS yes?
- Hamish
Cirrocumulus
If it's the latter (only access via domain name and not IP), you could try looking at the host: header. It SHOULD be filled in with the site name from the URL that was typed...
I'm not sure whether you'll get any false readings (Positive or Negative) from that, but convention says it will mostly do what you want. No guarantees though because it's up to the browser to fill in that header correctly. Of course if it doesn't other things will probably break, so you may be in luck.
- eben_259100
Cirrostratus
Hi yuanqiang This should get the job done.
when HTTP_REQUEST{ if {[HTTP::host] equals " }
}
HTH Regards
Eben.
- yuanqiang_22112
Nimbostratus
@eben, thank you! Maybe I can try this irules again, right?
when HTTP_REQUEST{ if {[HTTP::host] equals " log.local0 "connection dropped from client for accessing [HTTP::host]" }else{ drop }
- Jad_Tabbara__J1
Cirrostratus
@Yuanqiang this will not work since you are dropping all requests that don't come with
also the command you need to correct the following line
log local0. "connection dropped from client for accessing [HTTP::host]"
- Jad_Tabbara__J1
Cirrostratus
Hello Yuanqiang,
It is better to check in your irule the FQDN and based on the FQDN drop or do nothing.
when HTTP_REQUEST {
    if { ! ( [string tolower [HTTP::host]] eq "app.domain.com" ) } {
        drop
        log local0. "connection dropped from client for accessing [HTTP::host]"
    }
}
By doing this, you prevent clients from connecting via IP directly and also via other FQDNs (if they change their host file, for example).
Hope it helps
Regards
- Simon_Blakely
Employee
I'd recommend using a Local Traffic Policy (Local Traffic ›› Policies : Policy List)
Introducing Local Traffic Policies
This discusses creating a Local Traffic Policy that examines the Host header for a specific value - you can redirect or drop requests that do not match your criteria.
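An added example, not part of any post in this thread: a Host header check in the same style that also handles the values an exact string match would miss, namely a port suffix, mixed case, a trailing dot and an empty header. The name app.domain.com is taken from the post above; the variable names and the log message wording are assumptions.

```tcl
when HTTP_REQUEST {
    # Assumption: the only name clients should use (from the post above).
    set allowed_host "app.domain.com"

    # HTTP::host returns the raw Host header, which may carry a port
    # ("app.domain.com:443"), mixed case, or a trailing dot.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # An empty Host (HTTP/1.0 clients), the virtual server's IP address,
    # or any other name fails the comparison and is dropped.
    if { $host ne $allowed_host } {
        log local0. "dropped [IP::client_addr]: Host header was '[HTTP::host]'"
        drop
        return
    }
}
```

The Host header is supplied by the client, so this check keeps out requests addressed to the IP or to another name; it does not authenticate who is connecting.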