Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Sep 09, 2022

Block direct IP access from internet

Hi

We have multi-domain (ie. a1.test.com, a2.test.com, etc) which is in one Virtual server. (*.test.com)

Can we block direct ip access from internet?
we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip.

Can I use this irule?
when HTTP_REQUEST {
switch -glob [HTTP::header "Host"] {
"*.test.com" { Allow }
else { reject }
}

2 Replies

  • Hello, iRule syntax needs some fixes, switch instruction with glob-style matching does not support wildcards nor else statements

    Try this instead, it's simplified

     

    when HTTP_REQUEST {
     if { not ([string tolower [HTTP::host]] ends_with ".test.com")}{ reject }
    }

     

     

  • First of all there is a simple rule: Use LTM Policy instead of iRule wherever its possible. Small benefit of this is less cpu and easier understanding. Simple create a LTM Policy with rules like

    "if hostname xyz.com forward to pool 123" 

    "if hostname abc.com AND tcp address matches 1.2.3.4 forward to pool 456" 

    Do this with every hostname, apply this policy to your virtual server.