iRule to block user coming from 1 URL

Question

Hi there,&nbsp;
&nbsp;I'd like to block any http request to any user coming from a particular website. &nbsp;
&nbsp;It's going on a web server that is behind the F5 and already have a public IP address. It's not a node though, not load balanced nor behind a VIP.&nbsp;
&nbsp;I came up with this:&nbsp;&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;   if { ([HTTP::header "Referer"] eq "http://blahblah/") }
&nbsp;   {  drop
&nbsp;   }

&nbsp; }&nbsp;
&nbsp;Then I tried creating a VIP with the same public IP address and with the iRule, but the apache stop responding.
&nbsp;edit: I forgot to create associate it with a pool with this single node, that's how I have to do it ?&nbsp;&nbsp;
&nbsp;Can you help me please ? Many thanks.&nbsp;

hooleylist · Answer

Hi Bastien, 
 That looks right if you wanted to drop all requests coming into the virtual server with a Referer header of http://blahblah/.  Can you test this on a test virtual server and add logging to see what was happening? 
 when HTTP_REQUEST {

if { ([HTTP::header "Referer"] eq "http://blahblah/") } {
      log local0. "[IP::client_addr]:[TCP::client_port]: Dropping [HTTP::method] to [HTTP::host][HTTP::uri] with Referer [HTTP::header Referer]"
      drop
   } else {
      log local0. "[IP::client_addr]:[TCP::client_port]: Allowing [HTTP::method] to [HTTP::host][HTTP::uri] with Referer [HTTP::header Referer]"
   }
}
 
 Aaron

bastien_8356 · Answer

Hey hoolio, thx I'll give a try, but I didn't succeed in creating a VIP with my webserver as the only node. It's stop responding. 
&nbsp; This webserver has 2 public IP, one for https, one for http (that's the one i'm interested in). 
&nbsp;  
&nbsp; So I created a VIP with this same IP, profile http, I created a pool with this server. As soon I created the VIP, it stops working :(

michael_yates · Answer

When you say: 
&nbsp;  
&nbsp; So I created a VIP with this same IP 
&nbsp;  
&nbsp; The Virtual Server does not have the same IP Address that belongs to the server does it?

bastien_8356 · Answer

That's what I did, probably why it didn't work ? 
&nbsp;  
&nbsp; I can't change the public IP as it's on the DNS. 
&nbsp;  
&nbsp; I would need to use this public IP as the VIP, and change the ip of the server for a private one (and also update my apache config) correct ?

michael_yates · Answer

If your DNS is pointed to that IP Address, then you could change ownership of the IP Address. 
&nbsp;  
&nbsp; Assign the IP Address to the BIG-IP and assign a different IP Address on the server.  That way the traffic will flow through the Load Balancer and then to the server (after whatever manipulation you want to do with your iRules. 
&nbsp;  
&nbsp; You cannot have the same IP Address on two devices, it creates an IP Address Conflict. 
&nbsp;  
&nbsp; DNS -&gt; F5 Virtual Server -&gt; Pool (containing your server IP Address and Port). 
&nbsp;  &nbsp;

Forum Discussion

iRule to block user coming from 1 URL

9 Replies

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

iRule for blocking specific string in header & displaying blocking page

Blocking domains

chrome 84 blocking rdp native

Block Active-Sync on Virtual Server

Authentication via Azure AD blocked by Access policy