For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kai_M__48813's avatar
Kai_M__48813
Icon for Cirrus rankCirrus
Apr 13, 2016

problems with data group and http:host

hi,   i have set up a forward http proxy, using the irule provided in Devcentral(current version 3.2), which works quite well. But due to security demands, i need to limit outgoing requests to onl...
data group list
ends_with
http::host
iRules
LTM
proxy
security
THi's avatar
THi
Icon for Nimbostratus rankNimbostratus
Apr 13, 2016

What does your datagroup look like? You could add a logging line into your iRule to see what the HTTP::host value is and compare with your datagroup value. Are your requests using non standard ports, ie not 80/443? HTTP:host contains the port in those cases, eg example.com:8080, which may confuse the ends_with comparison. 

log local0. "HTTP Host is: [HTTP::host]"

Instead of HTTP::host in the you might use URI::host command with HTTP::host as parameter. URI::host does not return the protocol portion of the Host header. Note that URI::host requires a a parameter string from where it parses the host portin. Haven't tested it, though..see iRule wiki on those.