Forum Discussion
formiarevo_2065
Nimbostratus
NimbostratusHow to deny the request with the Host:IP address in the request header, not Host:the domain name.
Hi All,
I have a LTM device with version 11.6.0.
I would like to deny the HTTP request that the host value is IP address.
For example, Our website, test.com has a VIP, 1.1.1.1.
I...
Yes, using an iRule is recommended here. Since you said you're using v11.6, you can also use what is called an LTM Policy(Local Traffic -> Policy) for such purpose. There are SOL arcitles that explain the topic.
If you want to use an iRule:
when HTTP_REQUEST { if { [HTTP::host] == "1.1.1.1" }{ reject If you want to send TCP-RST as a response (Connection has been reset error will occur) TCP::close If you want to drop the request (Timeout will occur) log local0. "[IP::client_addr] Denied access to <[HTTP::host][HTTP::uri]>" } }
Hannes_Rapp_162
Nacreous
NacreousYes, using an iRule is recommended here. Since you said you're using v11.6, you can also use what is called an LTM Policy(Local Traffic -> Policy) for such purpose. There are SOL arcitles that explain the topic.
If you want to use an iRule:
when HTTP_REQUEST {
if { [HTTP::host] == "1.1.1.1" }{
reject If you want to send TCP-RST as a response (Connection has been reset error will occur)
TCP::close If you want to drop the request (Timeout will occur)
log local0. "[IP::client_addr] Denied access to <[HTTP::host][HTTP::uri]>"
}
}
formiarevo_2065Wow~ Good Answer! I tested LTM Policy as you said. So easy. Thanks Hannes, Mia.
