how can i make irule to block port 25 on virtual server?

Question

hi all,
can  i block port 25 on virtual server which has service port (0) any ??&nbsp;

samir_jha_52506 · Answer

Yes. you can achieve via policy also. Please find the irule.
    when CLIENT_ACCEPTED {
 if { ([string tolower [HTTP::host]] equals "xyz.com") &amp;&amp; ([TCP::local_port] == 25)} {
        drop
    log local0. "connection dropped from [HTTP::host]"
         }
    }

stanislas_piro2 · Answer

Do you really require a Any port virtual server. 
Starting with Exchange 2013, all exchange services are on HTTPS port.
if you require it, try this irule:
when CLIENT_ACCEPTED {
    if {  [TCP::local_port] == 25} {
        TCP::respond "500 Service not available, closing transmission channel"
     }
}

arie · Answer

Blocking a single port violates the security best practices (which are often requirements) of "least privilege" and "default deny". I would recommend turning it around and allowing only what you actually need, even on a VIP that is configured to allow all ports.

yosry92_331999 · Answer

how can i block it via policy??&nbsp;

Forum Discussion

how can i make irule to block port 25 on virtual server?

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Export Virtual Server Configuration in CSV - tmsh cli script

Google reCAPTCHA v2 challenge iRule, integration with BIG-IP virtual server

Remove iRule From Multiple Virtual Servers

WILS: Virtual Server versus Virtual IP Address

Export GTM/DNS Virtual Servers Configuration in CSV - tmsh cli script