Forum Discussion

Nimbostratus

Jul 21, 2021

Allow domains on outbound virtual server with AFM policy

Hi, We have a virtual server to forward traffic to the internet. We have a policy to block access on only ports 80 and 443. We woud like to replace the allowed destinations from IP address to a domai...

AFM

BIG-IP Access Policy Manager (APM)

cloud

security

boneyard

MVP

Jul 25, 2021

APM with can do this SWG (Secure Web Gateway), though more in a proxy style. https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-secure-web-gateway-14-1-0/per-request-policy-configuration-for-swg.html

AFM can do this with FQDN objects. although im not 100% how it deals with different IP resolutions.

you could also do this with an irule and look at the Host header. shouldn't be that hard to build. though keeping such a list is some work i would say.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Allow domains on outbound virtual server with AFM policy

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

iControl REST Cookbook - Virtual Server (ltm virtual)

Regional Edge Resiliency Zones and Virtual Sites

Enriching AFM with public domain Threat Intelligence

SSL Orchestrator Advanced Use Cases: Outbound SNAT Persistence

Lightboard Lessons: SSL Outbound Visibility

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS