iRule Redirect by IP?
We're decommissioning a site where the web servers are behind a VIP. What we've done so far is remove the DNS entry so it is no longer accessible by entering the URL for it. Security scans are still able to reach it, however, as entering the public IP for it still allow it to connect to the backend hosts (which currently throw back a 503 error). We have a few redirects in an iRule for that VIP since the public IP is still used for other things and CNAMES, so I want to prevent external access to those hosts. I was thinking of adding a statement using the public IP as the header, the forwarding it to "our.production.website.com" as shown below, but I'm unsure if you can use the public IP in such a statement (shown at the bottom). Can we do this? Here is what we currently have in the iRule: when HTTP_REQUEST { if {[HTTP::host] eq "alphasite.web.site.com"} { HTTP::respond 301 Location "https://test1.web.site.com[HTTP::uri]\r\nStrict-Transport-Security: max-age=31536000" } elseif {[HTTP::host] eq "betasite.web.site.com"} { HTTP::respond 301 Location "https://test2.web.site.com[HTTP::uri]\r\nStrict-Transport-Security: max-age=31536000" } elseif { ([HTTP::host] eq "oldproduction.website.com" || [HTTP::host] eq "backupproduction.website.com") } { HTTP::respond 301 Location "https://our.production.website.com[HTTP::uri]\r\nStrict-Transport-Security: max-age=31536000" } } elseif {[HTTP::host] eq "20.30.30.40"} { HTTP::respond 301 Location "https://our.production.website.com[HTTP::uri]\r\nStrict-Transport-Security: max-age=31536000" }Change APM /public path to something else?
I'm using policy that disables APM policy on /public subpath as this path is used on server for direct linking and hotlinking files for headless clients (like curl or wget). Unfortunately /public directory collides with APM /public directory used for css and images. As result all APM pages look broken: How can I change /public path used by APM to something else like idk... /static for example? For /public bypass I'm using two virtual servers like this: http_server -> http_server_apm where http_server has policy with action Forward to virtual server http_server_apm if URI path doesn't start with /public. http_server_apm has APM policy assigned.
