For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JG_249184's avatar
JG_249184
Icon for Altocumulus rankAltocumulus
Oct 14, 2016

http host request lock down

Hello,

 

I am trying to write a simple irule that locks down the HTTP host request to the specific FQDN - e.g., app.mydomain.com. I don't want anyone typing in the short name app or the VIP IP address to be sent to the backend pool.

 

Also can this be achieved by using the LTM policy manager instead? Which is the preferred method in this scenario?

 

The following irule still allows everything else, even though I specified equals the host FQDN.

 

when HTTP_REQUEST { if { [HTTP::header "Host"] equals "app.mydomain.com" } {

 

} }

 

application delivery
BIG-IP
LTM

1 Reply

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Oct 15, 2016

    try this instead:

    when HTTP_REQUEST { 
   if { not ([HTTP::header "Host"] equals "app.mydomain.com" }  {  
       reject 
     } 
 }

    See how that goes,

    N