Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Domain Based Filtering

Subrun
Cirrostratus
Cirrostratus

‎03-Mar-2022 20:11

Hello,

is it possible to use F5,  to allow incoming URL’s based on a wildcard? Like *.testforce.com  ?  That means as long as traffic come from testforce.com , F5 will allow that traffic coming to a VIP. I have AFM license at F5.

Labels:
0 Kudos
4 REPLIES 4

Mayur_Sutare
MVP
MVP

‎04-Mar-2022 00:34

Hi @Subrun ,
Do you mean to allow traffic coming for specific wildcard domains and rest should be dropped on the F5 VIP? If yes, then its possible using simple iRule also.

SamCo
Cirrus
Cirrus

‎04-Mar-2022 06:16

Hello,

It's also feasible using LTM policies if you don't want an irule.

Simply by creating a match with the following conditions:

HTTP Host host ends with .testforce.com

 

Cheers,

Sam

Subrun
Cirrostratus
Cirrostratus
In response to SamCo

‎10-Mar-2022 21:03

Should I say *.testforce.com or .testforce.com  ? in the LTM Policy.

Also from the LTM Policy should that be "Forward Traffic " to Virtual Server Name ?

LTM_Policy.png

 

0 Kudos

Mayur_Sutare
MVP
MVP
In response to Subrun

‎14-Mar-2022 20:35 - edited ‎14-Mar-2022 20:49

Hi @Subrun 

The way you are trying to write policy will forward traffic to the specified vServer/pool when request is coming for *.testforce.com. So with such policy, vServer will forward traffic for rest domain requests to default pool if you have it on your vServer. This strategy will be more useful when you want to forward traffic for specific domain to the desired pool/vServer

e.g.

for abc.testforce.com forward traffc to abc-pool

for xyz.testforce.com forward traffc to xyz-pool

Looking at your use case, I would recommend you to write policy to deny ttraffic which is not coming for desired domain e.g. *.testforce.com. This will be more easy to maintain.

And whenever you want to add few more domain into allow list, you can add it in the rule. Ref policy is attached.

LTM Policy sample.JPG

Now when traffic will come for the desired domain, vServer will forward it to desired pool based on either default pool or iRule etc, depending upon how are you managing it.

Hope it helps!

0 Kudos
Copyright © 2023 Khoros, LLC