Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

i rule

networksecurity2022
Nimbostratus
Nimbostratus

‎31-Mar-2022 23:46

please help me to create Irule below requirement.

If <sourec ip1 >or <source ip2> IPs are the sourceAddress and Host header is either <x.x.x.x>or <Y.Y.Y.Y> then you have to allow the communication. Other than <sourec ip1 > and <source ip2> IPs, rest of the IPs will be blocked if they are having IP in the host header.

Labels:
0 Kudos
4 REPLIES 4

Dario_Garrido
MVP
MVP

‎01-Apr-2022 02:58

Hello networksecurity2022.

Try this

when HTTP_REQUEST {
  if { ([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>") } {
    if { !(([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>")) } {
      reject
    }
  }
}

 

Regards,
Dario.
0 Kudos

networksecurity2022
Nimbostratus
Nimbostratus
In response to Dario_Garrido

‎01-Apr-2022 05:42

 

@Dario_Garrido Dario_Garrido
 
   Thank you i will check and update the status.
 
0 Kudos

networksecurity2022
Nimbostratus
Nimbostratus

‎01-Apr-2022 10:25

Above rule not working,  request must allow. only reject Other than source ips, rest of the IPs will be blocked if they are having IP in the host header. 
0 Kudos

Dario_Garrido
MVP
MVP
In response to networksecurity2022

‎01-Apr-2022 11:50

Hello.

Check this one. 

Rejects everything to those IPs (<x.x.x.x> or <y.y.y.y>) in the host header, except if the source is one of those IPs (<source ip1> or <source ip2>)

when HTTP_REQUEST {
  if { ([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>") } {
    if { !(([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>")) } {
      reject
    }
  }
}

 

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC