Using F5 BIG-IP iRules to Restrict Access via Specific Domain

November 12, 2022

This title isn't great...  Let me explain.


When hosting services externally, it is always important for them to be as secure as possible. With our DMZ services, we have A records in our DNS for them which, of course, end with our domain. Unfortunately, our ISP also adds A records into their DNS for our external IPs. If someone were to browse to one of these FQDNs presented by our ISP, they would reach the service and be prompted with an SSL certificate validation error (since the FQDN does not match the FQDN that the SSL certificate was generated for).

Due to this, we want to write an iRule that will prevent users from accessing our services when not browsing to the proper FQDN.


The following iRule solved it for us. It is a simple solution but, you can adapt it to your needs. Do not forget to apply the iRule to your virtual servers afterward (Virtual Servers > Resources > iRules).

    if { !([HTTP::host] contains "") } {

After applying, test it out. For this example, the following should occur:

  • Browsing to should work
  • Browsing to should not work

©2024 Tyler Wright