Forum Discussion

formiarevo_2065's avatar
formiarevo_2065
Icon for Nimbostratus rankNimbostratus
Jun 15, 2015
Solved

How to deny the request with the Host:IP address in the request header, not Host:the domain name.

Hi All,   I have a LTM device with version 11.6.0.   I would like to deny the HTTP request that the host value is IP address.   For example, Our website, test.com has a VIP, 1.1.1.1.   I...
application delivery
LTM
management
security
TMOS
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Jun 15, 2015

    Yes, using an iRule is recommended here. Since you said you're using v11.6, you can also use what is called an LTM Policy(Local Traffic -> Policy) for such purpose. There are SOL arcitles that explain the topic.

    If you want to use an iRule:

    when HTTP_REQUEST {

  if { [HTTP::host] == "1.1.1.1" }{
    reject  If you want to send TCP-RST as a response (Connection has been reset error will occur)
    TCP::close  If you want to drop the request (Timeout will occur)    
    log local0. "[IP::client_addr] Denied access to <[HTTP::host][HTTP::uri]>"
  }
}
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus

Yes, using an iRule is recommended here. Since you said you're using v11.6, you can also use what is called an LTM Policy(Local Traffic -> Policy) for such purpose. There are SOL arcitles that explain the topic.

If you want to use an iRule:

when HTTP_REQUEST {

  if { [HTTP::host] == "1.1.1.1" }{
    reject  If you want to send TCP-RST as a response (Connection has been reset error will occur)
    TCP::close  If you want to drop the request (Timeout will occur)    
    log local0. "[IP::client_addr] Denied access to <[HTTP::host][HTTP::uri]>"
  }
}
formiarevo_2065's avatar
formiarevo_2065
Icon for Nimbostratus rankNimbostratus
Jun 15, 2015
Wow~ Good Answer! I tested LTM Policy as you said. So easy. Thanks Hannes, Mia.