Forum Discussion

Tony_Bushell_90's avatar
Tony_Bushell_90
Icon for Nimbostratus rankNimbostratus
Jun 17, 2010

How to reject based on an IP?

hi - I have a customer who is trying to publish a http site but they want to reject any requests that come if someone just uses the IP address or some other DNS A or cname, and i was hoping someone c...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 17, 2010
Hi Tony,

If you create a datagroup (type: string) of legal or illegal HTTP host header values you can use an iRule like this to check the requested Host header value against it. You can also add a check to see that the Host header value isn't an IP address: 


when HTTP_REQUEST {

    Check the Host against a datagroup of legal host header values
   if {not ([matchclass [string tolower [HTTP::host]] equals legal_host_headers_class])}{
      HTTP::respond 403 content {Forbidden!}
      return
   }

    Check the Host against a datagroup of illegal host header values
   if {[matchclass [string tolower [HTTP::host]] equals illegal_host_headers_class]}{
      HTTP::respond 403 content {Forbidden!}
      return
   }

    Check if the Host is an IP address, blank or non-existent
   if {not ([string match {*[a-zA-Z]*} [HTTP::host]])}{
      HTTP::respond 403 content {Forbidden!}
   }
}

Aaron