Forum Discussion

Nimbostratus

May 14, 2013

Restrict users from browsing directly to VIP.

Hello, Is it possible to implement an iRule that will restrict access when browsing directly to the virtual server's IP address? For example, when a user browses to http://1.1.1.1 the traffic is...

application delivery

BIG-IP Access Policy Manager (APM)

Admin

Sep 15, 2014

Absolutely supportable in iRules, but there is more functionality with redirects moving into policy actions in the GUI (or via tmsh) For Hamish's solution, it would look like this:

ltm policy http.redirects {
    controls { forwarding }
    requires { http }
    rules {
        require_fqdn {
            actions {
                0 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    not
                    values { my.domain.com }
                }
            }
            ordinal 1
        }
    }
    strategy all-match
}

Yes, more lines, and doesn't look pretty on the CLI, but multiple redirect rules can be added per policy and managed completely in the system versus requiring coding skills for shops that are leery about coding at the network layer.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)