Forum Discussion
11 Replies
Hello yuanqiang,
Can you clarify your idea?
May be you want to filter the source IP addresses from which the virtual server accepts traffic.
Regards,
Preslav
- ebenNimbostratus
Hi yuanqiang,
If I get your question right, you don't want VS to be accessed using IP address, only the use of domain name for the VS yes?
- HamishCirrocumulus
If it's the latter )only access via domain name and not IP), you could try looking at the host: header. It SHOULD be filled in with the site name from the URL that was typed...
I'm not sure whether you'll get any false readings (Positive or Negative) from that, but convention says it will mostly do what you want. No guarantees though because it's up to the browser to fill in that header correctly. Of course if it doesn't other things will probably break, so you may be in luck.
- eben_259100Cirrostratus
Hi yuanqiang This should get the job done.
when HTTP_REQUEST{ if {[HTTP::host] equals " }
}
HTH Regards
Eben.
- yuanqiang_22112Nimbostratus@eben,thank you ! Maybe I can try this irules again ,right ?
when HTTP_REQUEST{ if {[HTTP::host] equals " log.local0 "connection dropped from client for accessing [HTTP::host]" }else{ drop }
- Jad_Tabbara__J1Cirrostratus
@Yuanqiang this will not work since you are dropping all requests that don't come with
also the command you need to correct the following line
log local0. "connection dropped from client for accessing [HTTP::host]"
- ebenNimbostratus
Hi yuanqiang This should get the job done.
when HTTP_REQUEST{ if {[HTTP::host] equals " }
}
HTH Regards
Eben.
- yuanqiang_22112Nimbostratus@eben,thank you ! Maybe I can try this irules again ,right ?
when HTTP_REQUEST{ if {[HTTP::host] equals " log.local0 "connection dropped from client for accessing [HTTP::host]" }else{ drop }
- Jad_Tabbara__J1Cirrostratus
@Yuanqiang this will not work since you are dropping all requests that don't come with
also the command you need to correct the following line
log local0. "connection dropped from client for accessing [HTTP::host]"
- Jad_Tabbara__J1Cirrostratus
Hello Yuanqiang,
It is better to check in your irule the FQDN and based on the FQDN drop or do nothing.
when HTTP_REQUEST { if { ! ( [string tolower [HTTP::host]] eq "app.domain.com" ) } { drop log local0. "connection dropped from client for accessing [HTTP::host]" } }
By doing this, you prevent clients to connect via IP directly and also via other FQDN (if they changes their host file for example).
Hope it helps
Regards
- Simon_BlakelyEmployee
I'd recommend using a Local Traffic Policy (Local Traffic ›› Policies : Policy List)
Introducing Local Traffic Policies
This discusses creating a Local Traffic Policy that examines the Host header for a specific value - you can redirect or drop requests that do not match your criteria.