Forum Discussion
iRule http host with wildcard domain
- Jul 25, 2024
Thanks for all the advice. I have solved it.
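when HTTP_REQUEST {
    # Allow exactly one label in front of domain.com; everything else is dropped.
    # The pattern is braced so the backslashes reach the regex engine, both dots
    # are escaped, and the match is anchored at the end (an optional :port is allowed).
    switch -regexp -- [HTTP::host] {
        {^[a-zA-Z0-9_-]+\.domain\.com(:[0-9]+)?$} { }
        default { drop }
    }
}
This irule works. Thanks all.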
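A wildcard Host check like this one depends on how the regex is escaped and anchored, because the Host header is client-controlled. The following added example (plain Tcl for tclsh, not an iRule and not code from this thread) runs an end-unanchored pattern and a fully anchored one over constructed Host values and prints which of them each pattern accepts; `domain.com` stands in for the real zone and `host_allowed` is a hypothetical helper.

```tcl
# Added example: plain Tcl (run with tclsh), not an iRule and not from the thread.
# domain.com stands in for the real zone; every Host value below is constructed.

# No end anchor, and the dot before "com" is a regex wildcard.
set loose  {^[a-zA-Z0-9_-]+\.domain.com}
# Both dots literal, optional :port, anchored at both ends.
set strict {^[a-zA-Z0-9_-]+\.domain\.com(:[0-9]+)?$}

# Hypothetical helper: return 1 when the Host value matches the pattern, else 0.
proc host_allowed {pattern host} {
    return [regexp -- $pattern $host]
}

# One-label hosts, a host with a port, a two-label host, the bare zone,
# a look-alike with a trailing suffix, and a look-alike without the second dot.
set samples {
    www.domain.com
    oa.domain.com:8443
    a.b.domain.com
    domain.com
    www.domain.com.other.test
    www.domainxcom
}

puts [format "%-28s %-6s %s" Host loose strict]
foreach host $samples {
    puts [format "%-28s %-6s %s" $host \
        [host_allowed $loose $host] [host_allowed $strict $host]]
}
```

Both patterns refuse `a.b.domain.com` and the bare zone; only the anchored one also refuses the two look-alike values.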
Hello, can you follow the example below?
when HTTP_REQUEST {
    if { ([HTTP::host] == "www.example.com") } {
        # Do nothing, meaning permit request
    } elseif { ([HTTP::host] == "web.example.com") } {
        # Do nothing, meaning permit request
    } elseif { ([HTTP::host] == "access.example.com") } {
        # Do nothing, meaning permit request
    } else {
        # If the host header does not contain any of the previously matching values then reject the request
        reject
    }
}
- spacecc, Jul 25, 2024, Altostratus
Hello, sir. Thanks for the reply. In fact, I have hundreds of domain names and cannot list them all, like www, oa, web, web2 and so on. There are too many to put in a data group. I just want to allow *.example.com and disallow *.*.example.com, using a wildcard domain. Is there a way?
- Paulius, Jul 25, 2024, MVP
How many FQDNs do you have to match? The reason I ask is because a data-group match is the best way to achieve this, and I believe data-groups support 10 million entries, and you stated hundreds of domains and not millions. You can easily format some text to the appropriate format and paste it into the data-group in the CLI to create the data-group quickly. First, the following is an example of the data-group which you would paste in, following the on-screen message that comes up after you run the following command. Please keep in mind that this is a very powerful command, so be sure you aren't using any existing configuration that you want to keep and that it's formatted properly before saving after you paste in the text.
load sys config from-terminal merge
This next piece is the text you would paste in for the data-group, with your correct FQDNs of course. If for some reason the formatting isn't correct for your code version on your F5 you can always create the data-group with 2 entries from the GUI, go to the CLI and list out the data-group, grab that and add all your entries, delete the data-group in the GUI, and then finally run the command I listed above with your class text and it should work.
class CLASS-hackit.com {
    "fqdn1.hackit.com"
    "fqdn2.hackit.com"
    "fqdn3.hackit.com"
}
Next you will use the following iRule to direct your traffic accordingly; this is assuming the pool that is associated with the virtual server is the pool that you want to direct traffic to.
when CLIENT_ACCEPTED priority 500 {
    # Remember the pool assigned to the virtual server
    set DEFAULT_POOL [LB::server pool]
}

when HTTP_REQUEST priority 500 {
    # Permit only Host values listed in the data-group; reject everything else
    if { [class match -- [HTTP::host] equals CLASS-hackit.com] } {
        pool ${DEFAULT_POOL}
    } else {
        reject
    }
}
- spacecc, Jul 25, 2024, Altostratus
Hello, sir. Thanks for the reply. To be honest, there are too many domain names, and I am tired of typing them one by one. That's why I want to use a wildcard. Thanks for the advice.