Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
Apr 02, 2021
Solved

Restricting direct access from public IP

My website that resides under BIG IP F5 can directly be opened making use of public IP. As my site is one to one NAT'd and and one application under one public IP it can directly be opened using public IP. I want to restrict making use of opening the site directly via the public IP and available only through domain. Please, do let me know if there is any way that I can achieve this .

big-ip
LTM
security
  • spalande's avatar
    spalande
    Apr 03, 2021

    If you VIP hosts single domain then use this to whitelist it

    when HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain.com" 
  {
   return
  }
 default { 
   reject
  }
 }
}

    If VIP hosts multiple domains/SAN use below to whitelist all

    when HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain1.com" -
 "www.domain2.com" -
 "www.domain3.com" 
 {
   return
  }
 default { 
   reject
  }
 }
}

5 Replies

No RepliesBe the first to reply

Recent Discussions