Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Can F5 drop IP direct access to virtual server? Allow only URL access and no ssl validate.

kridsana
Cirrocumulus
Cirrocumulus

‎09-Nov-2021 08:58

We detect that there is customer using direct IP to connect with F5 virtual server.

 

But we want customer to connect by using URL only. so we create irule to detect HOST header as below

when HTTP_REQUEST {

switch -glob [string tolower [HTTP::host]] {

"www.abc.com" {

log local0. "[HTTP::host] allowed"

}

default {

log local0. "blocked"

reject

}

}

}

 

Problem is F5 reject IP access as expected. But There is still certificate error page before F5 reject. (F5 reject in HTTP request state)

Can we reject/drop connection in ssl state? no need for customer to validate certificate error. (ie. detect URL from sni, etc)

 

Thank you

Labels:
0 Kudos
1 REPLY 1

SanjayP
MVP
MVP

‎11-Nov-2021 05:29

As HTTP_REQUEST is event always triggered after TLS hanshake, this is expected. To meet your requirement, you would need to create LTM policy with something like below settings and remove this iRule.

 

0691T00000F6yijQAB.gif 

Let us know how testing goes.

 

Copyright © 2023 Khoros, LLC