17-Nov-2021 03:10
Hi guys,
The requirement is to restrict site access via IP - I am trying to block access based on the host value.
Can someone please review and advise if the below event block will work?
when HTTP_REQUEST {
    if { [HTTP::header "host"] equals "10.x.x.x" } {
        log local0. "dropped"
        reject
    }
}
17-Nov-2021 04:11 - last edited on 04-Jun-2023 19:15 by JimmyPackets
Hi TJ01,
You can use [HTTP::header host] or [HTTP::host]
when HTTP_REQUEST {
    if { [HTTP::host] equals "10.11.12.13" } {
        log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
        drop
    }
}
For access only with host "abc.example.com":
when HTTP_REQUEST {
    if { [HTTP::host] ne "abc.example.com" } {
        log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
        drop
    }
}
23-Nov-2021 22:28
Thanks Enes, I appreciate your help on this.
If we choose to use the code to allow only the host "abc.example.com", will that include the header "www.abc.example.com", or do we need to explicitly add it? What would that "and" statement be?
24-Nov-2021 07:43 - last edited on 04-Jun-2023 19:15 by JimmyPackets
Hi TJ01,
It will not contain "www.abc.example.com". If you want to match with www:
when HTTP_REQUEST {
    if { [HTTP::host] ne "abc.example.com" && [HTTP::host] ne "www.abc.example.com" } {
        log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
        drop
        return
    }
}
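An added example, not part of the original replies: the exact `ne` comparisons above also drop requests whose Host header carries a port ("abc.example.com:443") or different letter case, so this variant normalizes the value before checking it against the allowed names. It assumes the same two hostnames used in the thread; the Host header is supplied by the client, so this limits which site name is served, not which client IPs may connect.

```tcl
# Added example (not from the thread): allowlist on a normalized Host value.
when HTTP_REQUEST {
    # [HTTP::host] is the raw Host header: it may include a port
    # ("abc.example.com:443") and any letter case, so normalize first.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "abc.example.com" -
        "www.abc.example.com" {
            # Allowed names: continue with normal processing.
        }
        default {
            # Covers other names, bare IP addresses and an empty Host header.
            log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]"
            drop
            return
        }
    }
}
```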