Block direct IP access from internet

kridsana
Cirrostratus

Hi

We have multiple domains (i.e. a1.test.com, a2.test.com, etc.) on one virtual server (*.test.com).

Can we block direct IP access from the internet?
We want customers to connect using only the website hostname, not the public IP, but we have many hostnames on one VIP.

Can I use this iRule?
when HTTP_REQUEST {
switch -glob [HTTP::header "Host"] {
"*.test.com" { Allow }
else { reject }
}

2 REPLIES

CA_Valli
Cumulonimbus

Hello, the iRule syntax needs some fixes: the switch instruction with glob-style matching does not support wildcards nor else statements.

Try this instead, it's simplified

when HTTP_REQUEST {
 if { not ([string tolower [HTTP::host]] ends_with ".test.com") } { reject }
}
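
An added example, not part of the original reply: the same Host check written in the asker's `switch` form, with `default` in place of `else` and with the Host value normalised first, since a client may send a port (`a1.test.com:443`), a trailing dot, or no Host header at all. The `.test.com` suffix comes from the question; the log message format is an assumption.

```tcl
# Added example (not from the thread). Allowed suffix ".test.com" is taken
# from the question; the log line is illustrative and can be removed if
# scanner traffic makes it too noisy.
when HTTP_REQUEST {
    # Normalise the Host header: lower-case, drop any ":port" suffix,
    # then drop a trailing dot ("a1.test.com." is the same name).
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # An empty Host, an IP literal, or any name outside *.test.com
    # falls through to the default arm and the connection is dropped.
    switch -glob -- $host {
        "*.test.com" {
            # Hosted name: let the request continue to the pool.
            return
        }
        default {
            log local0. "Rejected Host '[HTTP::host]' from [IP::client_addr]"
            reject
        }
    }
}
```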

P_Kueppers
Cirrus

First of all, there is a simple rule: use an LTM Policy instead of an iRule wherever it's possible. A small benefit of this is less CPU and easier understanding. Simply create an LTM Policy with rules like

"if hostname xyz.com forward to pool 123" 

"if hostname abc.com AND tcp address matches 1.2.3.4 forward to pool 456" 

Do this with every hostname, apply this policy to your virtual server.