Restricting direct access from public IP

Question

My website that resides under BIG IP F5 can directly be opened making use of public IP. As my site is one to one NAT'd and and one application under one public IP it can directly be opened using public IP. I want to restrict making use of opening the site directly via the public IP and available only through domain.  Please, do let me know if there is any way that I can achieve this .

sanjayp · Accepted Answer

If you VIP hosts single domain then use this to whitelist itwhen HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain.com" 
  {
   return
  }
 default { 
   reject
  }
 }
}If VIP hosts multiple domains/SAN use below to whitelist allwhen HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain1.com" -
 "www.domain2.com" -
 "www.domain3.com" 
 {
   return
  }
 default { 
   reject
  }
 }
}

sanjayp · Answer

You can use iRule, LTM policy or ASM profile to reject the requests coming with IP as HOST header. Let me know if you need further help with any of it.

sushant · Answer

thank you for the reply...can you share me the irule if possible ?&nbsp;&nbsp;

sushant · Answer

when HTTP_REQUEST {    if { [HTTP::header "Host"] equals " " }  {         reject      }  } &nbsp;tryin to use this irule without any success

sushant · Answer

thanks ...working now

Forum Discussion

Restricting direct access from public IP

5 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Chrome V 124+ on MacOS - Virtual Server Access Issue

google-visualization-issues

The best load balance method on this scenario?

SMS server with BIGIP

Related Content

Irule for restricting access

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting access to a virtual server by Public IP address should access through only domain name.