Forum Discussion
networksecurity2022
Apr 01, 2022Nimbostratus
i rule
please help me to create Irule below requirement.
If <sourec ip1 >or <source ip2> IPs are the sourceAddress and Host header is either <x.x.x.x>or <Y.Y.Y.Y> then you have to allow the communication. Other than <sourec ip1 > and <source ip2> IPs, rest of the IPs will be blocked if they are having IP in the host header.
Hello networksecurity2022.
Try this
when HTTP_REQUEST { if { ([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>") } { if { !(([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>")) } { reject } } }
- networksecurity2022Nimbostratus
- networksecurity2022NimbostratusAbove rule not working, request must allow. only reject Other than source ips, rest of the IPs will be blocked if they are having IP in the host header.
Hello.
Check this one.
Rejects everything to those IPs (<x.x.x.x> or <y.y.y.y>) in the host header, except if the source is one of those IPs (<source ip1> or <source ip2>)
when HTTP_REQUEST { if { ([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>") } { if { !(([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>")) } { reject } } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects