Forum Discussion

miguel_alvarez_
Dec 21, 2017

Is it possible to write this iRule to drop a hostname instead of an IP addr?

    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals some_hostname] } {
        drop
      }
    }

 

9 Replies

  • You drop connections, not IP addresses or hosts. If I understand you correctly, you just want to drop a connection if a particular HTTP Host is requested. That can be done as follows:

    when HTTP_REQUEST {
      # Drop the connection when the request's Host header matches
      if { [HTTP::host] eq "www.drop.me" } {
        drop
      }
    }
    

    This requires an HTTP profile applied to your Virtual Server, and SSL/TLS must be offloaded with a clientSSL profile by BigIP if it arrives encrypted.

      miguel_alvarez_

      One question: Is this the source address that arrives to the F5?: [HTTP::host] eq ";

       

      Hannes_Rapp

      Your question confuses me because "HTTP Host" is a request destination attribute. Clients/Sources do not specify their HTTP Host values when making requests. It seems like you have misunderstood how HTTP works.

       

      The closest thing to an "HTTP Host Source" that you could apply filters to is an HTTP Referer. Referer is an external host that initiates an HTTP redirect to your site.

       

      Rdgs,

       

      miguel_alvarez_

      "Clients/Sources do not specify their HTTP Host values when making requests."

       

      I mean when I make a request from a host, when I launch a request from a host (with an IP SOURCE ADDRESS), this request must be dropped. Is this possible?

       


  • I think I understand what you want: you want to block if the client hostname is some_hostname.

    The problem is the client never sends its hostname, so the only solution is a reverse DNS lookup for every request...

    Such a filter is not security and will cause performance issues.

    Your iRule won't be able to do it.

    The following one can do it (not an optimized solution):

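    when CLIENT_ACCEPTED {
        # Reverse (PTR) lookup of the client address on every new connection;
        # "some_hostname" is the placeholder name to block
        if { [RESOLV::lookup @8.8.8.8 -ptr [IP::client_addr]] equals "some_hostname" } {
            drop
        }
    }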
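
The two concerns raised in the last answer (a DNS query per connection, and reliance on a PTR record that is published by whoever controls the client's reverse zone) can be reduced by resolving the blocked name forward and caching the result. This is an added example, not code from any poster in the thread; the hostname, the cache key prefix and the 60-second cache lifetime are assumptions.

```tcl
when CLIENT_ACCEPTED {
    # Hypothetical name to block; replace with the real FQDN.
    set blocked_host "some_hostname.example.com"
    set cache_key "blocked_addrs:$blocked_host"

    # Reuse the cached A-record answer if one is still present.
    set addrs [table lookup -notouch $cache_key]

    if { $addrs eq "" } {
        # Forward lookup of the blocked name, using the same resolver
        # as the iRule above (8.8.8.8).
        set addrs [RESOLV::lookup @8.8.8.8 -a $blocked_host]

        if { $addrs eq "" } {
            # No answer or lookup failure: cache a marker so a broken
            # resolver is not queried again on every new connection.
            set addrs "none"
        }

        # Keep the result for 60 seconds (assumed value; align it with
        # the record's TTL in a real deployment).
        table set $cache_key $addrs 60 60
    }

    if { $addrs ne "none" } {
        # Compare the client address against every address the name
        # resolves to, and drop the connection on the first match.
        foreach addr $addrs {
            if { [IP::addr [IP::client_addr] equals $addr] } {
                drop
                return
            }
        }
    }
}
```

This only matches clients whose source address is one the name actually resolves to; traffic arriving through NAT or a proxy carries a different source address and is not matched.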