You can use HTTP security policies to define actions such as allowing or denying a connection, redirecting to HTTPS, or responding with a static page.
Procedure
- From the top navigation bar, select Resources and click Cloud Resources.
- In the left panel, click Edge Gateways.
- Click the NSX edge gateway, and under Load Balancer, click Virtual Services.
- Click the vertical ellipsis () on the left of the virtual service name and select Configure Policies.
- Click HTTP Security, and click New.
- Enter a name for the rule.
- To activate the rule upon creation, toggle on the State option.
- Under Match Criteria, click New.
- Select one or more match criteria and enter the necessary input.
Match Criteria Input Client IP Address - Select whether to perform an action if the client IP matches or doesn't match the value that you enter.
- Enter an IPv4 address, or an IPv6 address, or a range, or a CIDR notation.
- (Optional) To add additional IP addresses, click Add IP.
Service Port - Select whether to perform an action if the virtual service port matches or doesn't match the value that you enter.
- Enter a port or a list of ports in a comma-separated list.
Protocol Type Select a type of protocol. HTTP Method - Select whether to perform an action if the HTTP method matches or doesn't match the value that you enter.
- Select one or more HTTP methods used by the client request.
Path - Select a criteria for the path.
- Enter a path string.
Note: The path doesn't need to begin with a forward slash ( / ).
- (Optional) To add additional paths, click Add Path.
Query - Enter text that is part of a query string.
- (Optional) To enter additional queries, click Add Query.
Request Headers - Select a criteria for the request header.
- Enter a name for the header.
- Enter one or more values for the header.
- To add additional headers, click Add Header.
Cookie - Select a criteria for the cookie.
- Enter a name for the cookie.
- Enter a value.
- Select an action to perform upon a match.
Action Input Connection Select whether to allow or to close the connection. Rate Limit - Enter a maximum number of connections, requests or packets to allow for a period of time.
- Enter a value for the time period in seconds.
- Select an action to perform when the maximum count of requests within the specified period of time is reached.
Redirects to HTTPS Enter an HTTPS port to redirect HTTP requests. Send Response Select a status code and, optionally, upload a file to render in response. - Click Add.
- To add another rule, repeat steps 6 through 12.
- To move a rule up or down the list, click the vertical ellipsis () on the left of the rule name and select the desired action.
- To save your changes, click Save.