Forum Discussion
Sushant
Altostratus
AltostratusRestricting direct access from public IP
My website that resides under BIG IP F5 can directly be opened making use of public IP. As my site is one to one NAT'd and and one application under one public IP it can directly be opened using publ...
If you VIP hosts single domain then use this to whitelist it
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "www.domain.com" { return } default { reject } } }If VIP hosts multiple domains/SAN use below to whitelist all
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "www.domain1.com" - "www.domain2.com" - "www.domain3.com" { return } default { reject } } }
spalande
Nacreous
NacreousYou can use iRule, LTM policy or ASM profile to reject the requests coming with IP as HOST header. Let me know if you need further help with any of it.
Sushantthank you for the reply...can you share me the irule if possible ?
- Sushant
- when HTTP_REQUEST {
- if { [HTTP::header "Host"] equals " " } {
- reject
- }
- }
tryin to use this irule without any success
- spalande
If you VIP hosts single domain then use this to whitelist it
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "www.domain.com" { return } default { reject } } }If VIP hosts multiple domains/SAN use below to whitelist all
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "www.domain1.com" - "www.domain2.com" - "www.domain3.com" { return } default { reject } } } - Sushant
thanks ...working now