Forum Discussion
iRule to restrict traffic based on domain name
Hello,
I was wondering if there was a way to use an iRule based on the domain name of the host and deny all the traffic apart from those specific domain names?
Example:
We have the domain names mydomain.com and *.mydomain.in. When traffic gets initiated from any of these host machines, we would like to verify the domain and allow the traffic to the VIPs, or else reject it.
Note: We have not configured DNS on the BIG-IP to do any sort of resolution.
Thanks.
7 Replies
- TechT
Nimbostratus
Try below:
when HTTP_REQUEST {
    if { ([HTTP::host] contains "mydomain.com") or ([HTTP::host] contains "mydomain.in") } {
        pool
    } else {
        drop
    }
}
- srinivas_nory_2
Nimbostratus
Hi Maneesh,
Thank you for the quick response. On the HTTP header we are reading the host entry for mydomain.com or mydomain.in; usually this host entry is for the internet host of the resource being requested.
So when a machine on the LAN with domain mydomain.com / mydomain.in sends out a request, will the host field of the HTTP header be machinename.mydomain.com / machinename.mydomain.in? Any machine not on these domains should be rejected.
Can you please let me know if the rule suffices for the source-based restriction?
Thanks
- TechT_163800
Nimbostratus
The above iRule will help only when you are trying to access mydomain.com/mydomain.in URLs in your web browser. For your source-based requirement, why don't we go with a specific subnet instead of the domain name?
- srinivas_nory_2
Nimbostratus
Manish, I am having a discussion about the source-based IP settings, but the client wanted it to be more domain based, as we have quite a number of domains and network segregation based on them. So is there a way we can do a source-based restriction using the domain?
- TechT_163800
Nimbostratus
I wonder how the LB can read source domain names (maybe I am lacking here). If it was IP, we could have matched with "class match [IP::client_addr]".
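The distinction the thread arrives at, shown as an added example that is not part of any post above: the Host header names the destination the client asked for, so a source restriction has to be made on the client address instead. The data group name allowed_src_nets is hypothetical and assumed to be an address-type data group holding the permitted subnets; the domain names are the ones from the question.

```tcl
# Added example, not code from the thread.
# Assumption: allowed_src_nets is an address-type data group (hypothetical
# name) that lists the subnets of the permitted LAN segments.

when CLIENT_ACCEPTED {
    # Source check: decided on the client IP as soon as the connection is
    # accepted, before any HTTP data is parsed. No DNS lookup is involved.
    if { ![class match [IP::client_addr] equals allowed_src_nets] } {
        reject
        return
    }
}

when HTTP_REQUEST {
    # Destination check: HTTP::host is the name the client asked for and is
    # set by the client, so it says nothing about where the request came from.
    # Normalise case and strip an optional :port before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Exact and suffix matches instead of "contains", so a name such as
    # mydomain.com.example.net does not pass the check.
    if { !($host eq "mydomain.com" or $host ends_with ".mydomain.in") } {
        reject
    }
    # Otherwise the request continues to the virtual server's default pool.
}
```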