restrict
2 TopicsCan F5 drop IP direct access to virtual server? Allow only URL access and no ssl validate.
We detect that there is customer using direct IP to connect with F5 virtual server. But we want customer to connect by using URL only. so we create irule to detect HOST header as below when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "www.abc.com" { log local0. "[HTTP::host] allowed" } default { log local0. "blocked" reject } } } Problem is F5 reject IP access as expected. But There is still certificate error page before F5 reject. (F5 reject in HTTP request state) Can we reject/drop connection in ssl state? no need for customer to validate certificate error. (ie. detect URL from sni, etc) Thank you534Views0likes1CommentiRule to restrict access on combinations of URI's / source addresses
Hello ! I've problems to write an iRule that would allow access only to : URI starting with /uri1/... only from datagroup1 URI starting with /uir2/... only from datagroup2 All other connections would end up with a 403 Forbidden. I tried different positive/negative combinations but none of them work... Thanks a lot for your help ! Gerald296Views0likes1Comment