Forum Discussion
vishu_chavan
Altocumulus
AltocumulusRestricting access to a virtual server by Public IP address should access through only domain name.
We had Published website on F5 with Domain name ,now created domain is aviable in public ,but publish website is also accessible with ip address in public domain.( we have created server pool )
Website must be only accessible through Domain name only .
We tried to created iRule for same Domain but its given error to assign HTTP profile .
We tried to applied HTTP profile to domain but domain virtual server pool go down and domain is unaviable .
we are using F5 current version is 11.5.8
Kindly suggest work around for version 11.5.8
i am new to F5
seems you have not used your Domain certificate under client ssl profile , check thebelow link to upload your CA domain certificate and key to bigip and followed to that you need to create client ssl profile point to your Domain certificate/key and any chain certificate.
https://my.f5.com/manage/s/article/K14620#3
once done you check your domain for any ssl issue by running test in below link
https://www.sslshopper.com/ssl-checker.html
F5-EnthusiastHello,
please note first, that version 11.5.8 is out of any supprt and service from April 8, 2019 as you can see in BIG-IP software support policy (f5.com)
For your problem, solution via iRule is a viable. also you could utilize LTM Policies.
But as you describe you can't add the iRule (which is based on HTTP Events) because you do not have any HTTP Profile on Virtual Server.
This Profile is required to validate or manipulate data on HTTP Layer.And as you described you also have application issues if you apply an HTTP Profile it seems that the Application is protected by SSL / TLS. In this case you would also need an Client SSL / Server SSL profile
So the F5 will be able to decrypt and encrypt the connection and after that apply the http profile to make your iRule work.
But most important: Get an updated F5. This software Version is old and has maaaaaany Security and operating flaws
Regards
- vishu_chavan
Thanks for reply
yes we knew F5 is running on old version and it is out of date .new F5 is in process as it will take time .
Can you please, Guide me how to apply SSL / TLS for virtual server .
Thanks in advance .
- vishu_chavan
Thanks for your reply .Tried your solutions
I applied Client SSL / Server SSL profile & HTTP profile on website and added iRule for website
iRule script below
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"www.domian.com"
{
return
}
default {
reject
}
}
}All Setting Successfully applied .Now i can access website with only domain name ,BUT while accessing website with domain its show my ssl certificate is expired .Treid to view same certificate it show some IT or local certificate .
As earier my website ssl certificate is secure and working.
Kindly suggest for same .
Thanks in advance.
ragunath154Cirrostratus
seems you have not used your Domain certificate under client ssl profile , check thebelow link to upload your CA domain certificate and key to bigip and followed to that you need to create client ssl profile point to your Domain certificate/key and any chain certificate.
https://my.f5.com/manage/s/article/K14620#3
once done you check your domain for any ssl issue by running test in below link
https://www.sslshopper.com/ssl-checker.html
Hi vishu_chavan ,
Could you please send the irule script that you use now.
> it's mandatory to assign http profile for this irule.
> although you have a non supported version and you need to upgrade , but try the below irule script :when HTTP_REQUEST { if { ([HTTP::host] != "www.example.com") } { reject } }> Replace "www.example.com" by your correct FQDN.
and let me know the results
Snlyou can try below irule as well replace x.x.x.x with your ip address when HTTP_REQUEST { If { !([HTTP::host] equals "x.x.x.x") } { Reject } }
