Block direct IP access from internet
Hi We have multi-domain (ie. a1.test.com, a2.test.com, etc) which is in one Virtual server. (*.test.com) Can we block direct ip access from internet? we want customer to connect using only website hostname , not public ip. but we have many hostname in one vip. Can I use this irule? when HTTP_REQUEST { switch -glob [HTTP::header "Host"] { "*.test.com"{ Allow} else { reject } }Can F5 drop IP direct access to virtual server? Allow only URL access and no ssl validate.
We detect that there is customer using direct IP to connect with F5 virtual server. But we want customer to connect by using URL only. so we create irule to detect HOST header as below when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "www.abc.com" { log local0. "[HTTP::host] allowed" } default { log local0. "blocked" reject } } } Problem is F5 reject IP access as expected. But There is still certificate error page before F5 reject. (F5 reject in HTTP request state) Can we reject/drop connection in ssl state? no need for customer to validate certificate error. (ie. detect URL from sni, etc) Thank you
Can I direct the ASM Violation Response to an API instead of direct to the Client?
Using either the ASM response pages or an iRule, is it possible to direct the response from the F5 to an API of my choice rather than replying directly to the client? This would allow the Dev to work with the response and serve the client crafted content. Thank you