i rule

networksecurity2022 · ‎31-Mar-2022

please help me to create Irule below requirement.

If <sourec ip1 >or <source ip2> IPs are the sourceAddress and Host header is either <x.x.x.x>or <Y.Y.Y.Y> then you have to allow the communication. Other than <sourec ip1 > and <source ip2> IPs, rest of the IPs will be blocked if they are having IP in the host header.

Dario_Garrido · ‎01-Apr-2022

Hello networksecurity2022.

Try this

when HTTP_REQUEST {
  if { ([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>") } {
    if { !(([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>")) } {
      reject
    }
  }
}

Regards,
Dario.

networksecurity2022 · ‎01-Apr-2022

@Dario_Garrido Dario_Garrido

Thank you i will check and update the status.

networksecurity2022 · ‎01-Apr-2022

Above rule not working, request must allow. only reject Other than source ips, rest of the IPs will be blocked if they are having IP in the host header.

Dario_Garrido · ‎01-Apr-2022

Hello.

Check this one.

Rejects everything to those IPs (<x.x.x.x> or <y.y.y.y>) in the host header, except if the source is one of those IPs (<source ip1> or <source ip2>)

when HTTP_REQUEST {
  if { ([HTTP::host] eq "<x.x.x.x>") || ([HTTP::host] eq "<y.y.y.y>") } {
    if { !(([IP::client_addr] eq "<sourec ip1>") || ([IP::client_addr] eq "<sourec ip2>")) } {
      reject
    }
  }
}

Regards,
Dario.

DevCentral

i rule

Register For AppWorld 2024

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

i rule

Register For AppWorld 2024

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards