For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
Apr 02, 2021
Solved

Restricting direct access from public IP

My website that resides under BIG IP F5 can directly be opened making use of public IP. As my site is one to one NAT'd and and one application under one public IP it can directly be opened using publ...
BIG-IP
LTM
security
  • spalande's avatar
    spalande
    Apr 03, 2021

    If you VIP hosts single domain then use this to whitelist it

    when HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain.com" 
  {
   return
  }
 default { 
   reject
  }
 }
}

    If VIP hosts multiple domains/SAN use below to whitelist all

    when HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain1.com" -
 "www.domain2.com" -
 "www.domain3.com" 
 {
   return
  }
 default { 
   reject
  }
 }
}
spalande's avatar
spalande
Icon for Nacreous rankNacreous
Apr 02, 2021

You can use iRule, LTM policy or ASM profile to reject the requests coming with IP as HOST header. Let me know if you need further help with any of it.

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
Apr 03, 2021

thank you for the reply...can you share me the irule if possible ?