Forum Discussion
How to deny the request with the Host:IP address in the request header, not Host:the domain name.
Hi All,
I have an LTM device with version 11.6.0.
I would like to deny HTTP requests in which the Host value is an IP address.
For example, our website, test.com, has a VIP, 1.1.1.1.
- I want to deny users who type the IP address 1.1.1.1 in the browser and access our website directly. On the other hand, I want to allow users who type www.test.com in the browser.
To achieve this purpose, I have to use an iRule. Is it impossible without an iRule?
Thanks, Mia.
4 Replies
- Hannes_Rapp
Nimbostratus
Yes, using an iRule is recommended here. Since you said you're using v11.6, you can also use what is called an LTM Policy (Local Traffic -> Policy) for such a purpose. There are SOL articles that explain the topic.
If you want to use an iRule:

    when HTTP_REQUEST {
        if { [HTTP::host] == "1.1.1.1" } {
            # If you want to send TCP-RST as a response (Connection has been reset error will occur)
            reject
            # If you want to drop the request (Timeout will occur)
            # TCP::close
            log local0. "[IP::client_addr] Denied access to <[HTTP::host][HTTP::uri]>"
        }
    }

- formiarevo_2065
Nimbostratus
Wow~ Good Answer! I tested LTM Policy as you said. So easy. Thanks Hannes, Mia.
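
Going beyond the single hard-coded address in the answer above, the following iRule (an added example, not code from the thread) allows only the site's expected names, so an IPv4 or IPv6 literal, a missing Host header, or any unknown name is rejected. The names test.com and www.test.com come from the question; the reason labels and the trailing-dot handling are assumptions of this example.

```tcl
when HTTP_REQUEST {
    # Normalise the Host header before comparing:
    # lowercase it, drop an optional ":port", drop a trailing dot (assumption:
    # "www.test.com." should be treated as the same name).
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # Allowlist of names this virtual server is expected to serve.
    switch -- $host {
        "test.com" -
        "www.test.com" {
            # Expected name: leave the request alone and stop this event.
            return
        }
    }

    # Anything that reaches this point is denied. Classify it for the log
    # so that scans by IP address stand out from stale or mistyped names.
    if { $host eq "" } {
        # HTTP/1.0 request without a Host header
        set reason "missing-host"
    } elseif { [regexp {^[0-9]{1,3}(\.[0-9]{1,3}){3}$} $host] } {
        # e.g. Host: 1.1.1.1 or Host: 1.1.1.1:80
        set reason "ipv4-literal"
    } elseif { [string match {\[*} $host] } {
        # Bracketed IPv6 literal; getfield cut it at the first colon
        set reason "ipv6-literal"
    } else {
        set reason "unknown-name"
    }

    log local0. "[IP::client_addr] denied ($reason) Host=<[HTTP::host]> URI=<[HTTP::uri]>"

    # Same response as in the answer above: reset the connection.
    reject
}
```

Because the rule compares against an allowlist instead of one address, it keeps working if the VIP address changes or a second VIP is added.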