Forum Discussion
chuffaker_11557
Nimbostratus
NimbostratusiRule to verify request to VIP came via a URL, not an IP
Does anyone know if it's possible to write an iRule to ensure a request to a VIP came from a URL, not an IP.
We have and External VIP (DMZ), whose pool membeer is an Internal VIP (Internal), on...
Jason_40733
Cirrocumulus
CirrocumulusYes. Something like this might work. Haven't tested it, but the theory is workable I believe.
Data group of allowed DNS hosts used to verify web address. ltm data-group internal /Common/ALLOWEDDNS { records { www.mycompany.com { } www.mycompany.net { } www.mycompany.org { } } type string }
iRule ltm rule /Common/RULE_NOIPS { when HTTP_REQUEST { if {[matchclass [HTTP::host] equals $::ALLOWEDDNS]} { pool MYWEBPOOL } else { reject } } }
- logic is sound, but unless the original requestor is on v9, you should avoid matchclass and instead use the class command.
- Jason_40733Good tip. Much appreciated.
