Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Do not allow IP through https

Hello,

I am inquiring on how to do the following:

Do not allow IP access through HTTPS

Example: https://33.33.33.33 < - Don't allow this https://dns.name.com < - Allow this only

I am not sure how about to search this through the F5 Dev Central articles, any help is greatly appreciated.

Thanks

0
Rate this Question
Comments on this Question
Comment made 3 months ago by NGX IT 2

BIG-IP v11.5.1 is what I am running

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Try this:

when HTTP_REQUEST {
    if { !([string tolower [HTTP::host]] equals "dns.name.com") } {
        reject
    }
}
1
Comments on this Answer
Comment made 3 months ago by crodriguez

...or to make this generic for any virtual server and not just a specific domain name, you could do something like this. (The log command is unnecessary.):

when HTTP_REQUEST {
    if { ![catch { IP::addr [HTTP::host]/0 equals 0.0.0.0 }] } {
        log local0.info "HTTP request with IP address in host - [HTTP::host] from [IP::client_addr]"
        reject
    }
}

If you don't want the BIG-IP system to send a reset, you can use drop instead of reject.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Another Approach will be to add all virtual server IPs in a data group and write a generic irule to deny request, you can either reject or send HTML having access denied message e.g

ltm rule fqdn_access {
    when HTTP_REQUEST {
        if {[class match [HTTP::host] equals VIP_IPs] }{
                HTTP::respond 200 content {
                <html>
                    <head>
                        <title>Access Denied</title>
            </head> 
            <body>
                    We are sorry. Use FQDN to access.
            </body>
            </html>
                    }
            } 
    }
    }
    #DataGroup
    ltm data-group internal VIP_IPs {
    records {
    33.33.33.33 { }
    33.33.33.34 { }
}
type string
}
0
Comments on this Answer
Comment made 3 months ago by NGX IT 2

Thank you very much everyone, the first one worked great for me :).

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thank you very much everyone, the first one worked great for me :).

0