cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict domain access via host IP

TJ01
Nimbostratus
Nimbostratus

HI Guys,

 

The requirement is to restrict site access via IP - I am trying to block access based on host value

 

Can someone please review and advise if the below event block will work.

 

when HTTP_REQUEST {

 if { [HTTP::header "host"] equals "10.x.x.x"}{

    log local0. "dropped"

    reject

   }

 }   

3 REPLIES 3

Hi TJ01,

 

You can use [HTTP::header host] or [HTTP::host]

when HTTP_REQUEST { if { [HTTP::host] equals "10.11.12.13" } { log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]" drop } }

For access only with host "abc.example.com"

when HTTP_REQUEST { if { [HTTP::host] ne "abc.example.com" } { log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]" drop } }

 

TJ01
Nimbostratus
Nimbostratus

Thanks Enes -- Appreciate your help on this ...

 

if we choose to use code to allow the host with "abc.example.com" only .. will that include the header of "www. abc.example.com" or need to explicitly add it what that "and" statement would be ?

Hi TJ01,

 

It will not contain "www.abc.example.com". If want to match with www:

when HTTP_REQUEST { if { [HTTP::host] ne "abc.example.com" && [HTTP::host] ne "www.abc.example.com" } { log local0. "request dropped - Host: [HTTP::host] ClientIP: [IP::client_addr]" drop return } }