Forum Discussion

jan_de_wachter_'s avatar
jan_de_wachter_
Icon for Nimbostratus rankNimbostratus
Nov 27, 2017

Source port of original Virtual server

We have a "general" Virtual Server for port 80, another for port 443 applications. Also limiting the number of ip addresses. This Virtual server does a forwarding to a specific virtual server depending on the specific application.This specific virtual server has the same ip as the 'general' virtual server, but another port. This gives us the possibility to easily specify specific parameters for that application, makes it easier to debug, .... .

 

But we noticed that some users are entering the specific VS without passing to the general VS, specifying the 'specific" port.

 

Normally: url:80 --> general VS with port 80 ---> specific VS with port xxx.

 

Some do : url:xxx --> specific VS with port xxx.

 

We would like to prevent this. How can we do this, if possible using a policy? Is there a way to test the incoming port of the 'general' Virtual Server??

 

I've tried a lot but I always get xxx as the incoming port.

 

Any help is appreciated

 

Jan

 

application delivery
LTM

2 Replies

Sort By
  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Nov 27, 2017

    Did you tried with iRule to capture incoming port number and block request? If you notice client browser incoming port always will start from 50000 to 65535(Please correct me if i am wrong). Besed on that you can tune iRule.

     

    So far not receive such requirement, So Dev central expert will help us.

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Nov 27, 2017

    If im not mistaken the request for host:xxx will have a host header with the :xxx port behind the hostname. so check [HTTP::host] and if it isn't empty or :80 then you have something to block on right?