Access rejected because it points to reserved address (Virtual Server ip or Self IP)

Nompang · ‎17-Nov-2022

HI Expert ,

i have issue with F5 APM when i try to create a portal that contain IP address of (Virtual Server or Self ip )

i always get block by ACL and log state that :

Access rejected because it points to reserved address

i have tried to do irule , remote Local host DNS , bypass list in rewrite follow guide and still not work.

please help.

Dario_Garrido · ‎19-Nov-2022

Hello @Nompang,

I recommend you to follow this article to permit your IP in the rewrite configuration.

https://support.f5.com/csp/article/K31750304

Regards,
Dario.

Nompang · ‎20-Nov-2022

HI @Dario_Garrido ,

I have done that with bypass list as you have shown , still not working.

Do you have other way as well ? As now i can't do rewrite anything that match with (Virtual Server or Self-IP) Address.

Thanks

boneyard · ‎22-Nov-2022

Did you add the 127.0.0.1 exception or the virtual server / self IP addresses?

Nompang · ‎22-Nov-2022

HI @boneyard ,

if you refer this into bypass list inside rewrite profile , yes i have done that , still not work.

i input *://127.0.0.1* .

do you have other suggestion on that ?

Thanks

boneyard · ‎26-Nov-2022

Yes, try it with one of the IP addresses your are trying to reach. The article is specific for local host, your case is about self IPs / virtual server IPs.

Nompang · ‎27-Nov-2022

HI @boneyard .

Can you help example ?

Really appreciate your help.

boneyard · ‎28-Nov-2022

say I have a self IP on 10.3.20.10, i would add:

*://10.3.20.10*

Nompang · ‎28-Nov-2022

HI @boneyard ,

i have done that , but still not work , i don't know if it is a bug or sth

boneyard · ‎04-Dec-2022

That is difficult to judge from a distance, have you opened a support ticket with F5 on this?

Do you see something in /var/log/apm at the time you try to access?

Vanderlei · ‎06-Jan-2023

i am experiencing the same behavior in my environment, have someone figure out on that issue? I didn't identify the reason

Nompang · ‎06-Jan-2023

not yet bro , i think it is bug.

try to downgrade the version , as i also use the latest one and face this issue.

boneyard · ‎08-Jan-2023

@Vanderlei which TMOS version? do you see something in the apm log at that moment?

If you are sure about a bug, please open a support ticket, F5 support should be able to get to the bottom of this quite quickly.

Vanderlei · ‎08-Jan-2023

Im not sure it is a bug, but the current version of Big IP is 15.1.8 and in APM see logs like:

Jan 7 03:47:07 <bigiphostname> notice tmm1[22602]: 01490585:5: /Common/<access policy name>:Common:71818fdc: Access to <external or internal url> rejectedbecause it points to reserved address.

Im not sure but the <external or internal url> is one rewrite try by Portal Rewrite / iRULE

boneyard · ‎09-Jan-2023

Not really sure what you mean with "Im not sure but the <external or internal url> is one rewrite try by Portal Rewrite / iRULE"

But do these URLs point to the a Self IP or localhost (127.0.0.1) on the BIG-IP? As mention in the K article what does dev tools show?

Ill point to F5 support again, they can do a remote session with you and much easier look into this.

Vanderlei · ‎08-Jan-2023

we just had upgraded 2 months ago from v13.1x to v15.1.8 😞

DevCentral

Access rejected because it points to reserved address (Virtual Server ip or Self IP)

Access rejected because it points to reserved address

Khoros Kudos Award 2022