09-Sep-2022 01:12
Hi
We have multi-domain (ie. a1.test.com, a2.test.com, etc) which is in one Virtual server. (*.test.com)
Can we block direct ip access from internet?
we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip.
Can I use this irule?
when HTTP_REQUEST {
switch -glob [HTTP::header "Host"] {
"*.test.com" { Allow }
else { reject }
}
09-Sep-2022 01:27 - edited 09-Sep-2022 01:32
Hello, iRule syntax needs some fixes, switch instruction with glob-style matching does not support wildcards nor else statements
Try this instead, it's simplified
when HTTP_REQUEST {
if { not ([string tolower [HTTP::host]] ends_with ".test.com")}{ reject }
}
09-Sep-2022 05:13
First of all there is a simple rule: Use LTM Policy instead of iRule wherever its possible. Small benefit of this is less cpu and easier understanding. Simple create a LTM Policy with rules like
"if hostname xyz.com forward to pool 123"
"if hostname abc.com AND tcp address matches 1.2.3.4 forward to pool 456"
Do this with every hostname, apply this policy to your virtual server.