Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Block direct IP access from internet

kridsana
Cirrocumulus
Cirrocumulus

‎09-Sep-2022 01:12

Hi

We have multi-domain (ie. a1.test.com, a2.test.com, etc) which is in one Virtual server. (*.test.com)

Can we block direct ip access from internet?
we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip.

Can I use this irule?
when HTTP_REQUEST {
switch -glob [HTTP::header "Host"] {
"*.test.com" { Allow }
else { reject }
}

Labels:
0 Kudos
2 REPLIES 2

CA_Valli
MVP
MVP

‎09-Sep-2022 01:27 - edited ‎09-Sep-2022 01:32

Hello, iRule syntax needs some fixes, switch instruction with glob-style matching does not support wildcards nor else statements

Try this instead, it's simplified

 

when HTTP_REQUEST {
 if { not ([string tolower [HTTP::host]] ends_with ".test.com")}{ reject }
}

 

 

0 Kudos

P_Kueppers
MVP
MVP

‎09-Sep-2022 05:13

First of all there is a simple rule: Use LTM Policy instead of iRule wherever its possible. Small benefit of this is less cpu and easier understanding. Simple create a LTM Policy with rules like

"if hostname xyz.com forward to pool 123" 

"if hostname abc.com AND tcp address matches 1.2.3.4 forward to pool 456" 

Do this with every hostname, apply this policy to your virtual server. 

0 Kudos
Copyright © 2023 Khoros, LLC