blocking or dropping particular dns requests

Sure.

   
   when HTTP_REQUEST {   
     if { not([string tolower [HTTP::host]] eq [domain [string tolower [HTTP::host]] 2]) } {   
       discard   
     }   
   }   
   

Citizen's example would check if the requested host is two dotted fields (example.com or co.uk). You could also explicitly check for a requested host of example.com and reject anything else:

 
 when HTTP_REQUEST { 
  
     Check if requested host (set to lower case) is example.com 
    if {[string tolower [HTTP::host]] eq "example.com"}{ 
  
        Send an HTTP response 
       HTTP::respond 403 
  
        Reset the TCP connection 
       reject 
    } 
 } 
 

Aaron

Aaron,

 

 

I assumed that I would add a default pool to my VIP and assign this irule, but I can still get to it by name and IP.

 

 

when HTTP_REQUEST {

 

if { not ([HTTP::host] equals “www.foo.com”)} {

 

drop

 

}

 

}

 

 

this iRule checks the host header and drops the request if hostname is not www.foo.com

 

you can also log, send http redirect, or do anything you want when the hostname is not matching www.foo.com

 

 

in case of not well known port number for http:

 

 

when HTTP_REQUEST {

 

if { not ([getfield [HTTP::host] : 1] equals “www.foo.com”)} {

 

drop

 

}

 

}

 

 

This iRule returns the hostname without the port number used in request.

 

 

I cannot get any of these to work for some reason. There has to be something dumb that I am missing.

 

 

 

 

I would assume that since the irules do not contail anything regarding a pool that I would need to assign one?

 

 

I am sorry, but I am definitely a noob with irules.