TJ01
Nov 17, 2021

Restrict domain access via host IP

Hi Guys,

 

The requirement is to restrict site access via IP - I am trying to block access based on host value

 

Can someone please review and advise if the below event block will work.

 

when HTTP_REQUEST {
    if { [HTTP::header "host"] equals "10.x.x.x" } {
        log local0. "dropped"
        reject
    }
}

  • Hi TJ01,

    You can use [HTTP::header host] or [HTTP::host]

    when HTTP_REQUEST {
    	if { [HTTP::host] equals "10.11.12.13" } {
    		log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
    		drop
    	}
    }

    For access only with host "abc.example.com"

    when HTTP_REQUEST {
    	if { [HTTP::host] ne "abc.example.com" } {
    		log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
    		drop
    	}
    }
  • TJ01

    Thanks Enes -- Appreciate your help on this ...

     

    If we choose to use the code to allow only the host "abc.example.com", will that include the header "www.abc.example.com", or do we need to add it explicitly? What would that "and" statement be?

    • Hi TJ01,

      It will not contain "www.abc.example.com". If you want to match with www:

      when HTTP_REQUEST {
      	if { [HTTP::host] ne "abc.example.com" && [HTTP::host] ne "www.abc.example.com" } {
      		log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
      		drop
      		return
      	}
      }
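
An added example, not part of any post in this thread: a Host allowlist that normalises the header before comparing, since Host is case-insensitive and may carry a port or a trailing dot, any of which would make the exact string comparisons above drop a legitimate request. The two allowed names are the ones used in the thread; everything else fails closed.

```tcl
when HTTP_REQUEST {
    # Normalise the Host header before matching:
    #   "ABC.Example.com:443" -> "abc.example.com"
    #   "abc.example.com."    -> "abc.example.com"
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    switch -- $host {
        "abc.example.com" -
        "www.abc.example.com" {
            # Allowed name: continue with normal processing.
        }
        default {
            # Anything else is dropped, including a bare IP address,
            # an empty Host header, or an IPv6 literal.
            log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
            drop
            return
        }
    }
}
```

For a longer list of names, a string data group checked with `class match` keeps the allowlist out of the iRule body.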