For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

networksecurity2022's avatar
networksecurity2022
Icon for Nimbostratus rankNimbostratus
Apr 01, 2022

i rule

please help me to create Irule below requirement.

If <sourec ip1 >or <source ip2> IPs are the sourceAddress and Host header is either <x.x.x.x>or <Y.Y.Y.Y> then you have to allow the communication. Other than <sourec ip1 > and <source ip2> IPs, rest of the IPs will be blocked if they are having IP in the host header.

security

4 Replies

  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for Noctilucent rankNoctilucent
    Apr 01, 2022

    Hello networksecurity2022.

    Try this

    when HTTP_REQUEST {
  if { ([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>") } {
    if { !(([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>")) } {
      reject
    }
  }
}

     

  • networksecurity2022's avatar
    networksecurity2022
    Icon for Nimbostratus rankNimbostratus
    Apr 01, 2022
    Above rule not working,  request must allow. only reject Other than source ips, rest of the IPs will be blocked if they are having IP in the host header. 
    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for Noctilucent rankNoctilucent
      Apr 01, 2022

      Hello.

      Check this one. 

      Rejects everything to those IPs (<x.x.x.x> or <y.y.y.y>) in the host header, except if the source is one of those IPs (<source ip1> or <source ip2>)

      when HTTP_REQUEST {
  if { ([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>") } {
    if { !(([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>")) } {
      reject
    }
  }
}