Forum Discussion
Valentine_96813
Nimbostratus
Nov 15, 2011
Block Domain redirect
I have an instance where someone has created a derogatory subdomain in external DNS and is redirecting to one of our production VSs. Is there a way to log/block redirects from a specific subdomain i...
George_Watkins_
Nov 15, 2011
Historic F5 Account
Hi Valentine,
With a little further hacking this is what Colin and I came up with. It will allow you to blacklist an entire domain and its subdomains (www.sea.webcluster1.f5.com will always match f5.com). You'll want to create a datagroup containing the list of base domains (f5.com, example.com, etc.). Then add the datagroup name to the top of the iRule in the RULE_INIT section and you should be good to go. Here is the code:
```
ltm data-group internal /Common/domain_blacklist {
    records {
        anotherbaddomain.com { }
        somebaddomain.com { }
    }
    type string
}
ltm rule /Common/http_domain_blacklist {
    when RULE_INIT {
        set static::domain_blacklist_dg "domain_blacklist"
        set static::debug 1
    }

    when HTTP_REQUEST {
        # grab the base domain (top level plus subdomain) from HTTP::host
        set base_domain [join [lrange [split [HTTP::host] .] end-1 end] .]

        if { [class search $static::domain_blacklist_dg equals $base_domain] } {
            if { $static::debug > 0 } {
                log local0. "[IP::remote_addr] attempted to access a blacklisted_domain: $base_domain"
            }

            # send a TCP reset
            reject
        }
    }
}
```
Now if someone resolves somebaddomain.com, www.somebaddomain.com, or www.web1.gtm.somedc.somebaddomain.com and it points at the virtual with this iRule, the browser will receive a TCP reset.
-George
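An added example, not part of George's post or F5's own code: a variant of the HTTP_REQUEST handler that lowercases the Host header, strips any port and trailing dot, and tests every parent domain on whole-label boundaries, so that an entry with a two-part suffix (the constructed example bad.co.uk, which a last-two-labels lookup reduces to co.uk) can still match. It assumes the domain_blacklist data group shown above and that its records are stored in lowercase.

```tcl
# Added example, not from the original post.
# Assumption: the string data group "domain_blacklist" from the post exists
# and its records are lowercase.
when HTTP_REQUEST {
    # Normalize the Host header: lowercase, drop any :port, drop a trailing dot
    set host [string trimright [getfield [string tolower [HTTP::host]] ":" 1] "."]

    # Walk from the full host name down to its last two labels, so that
    # www.bad.co.uk is tested as www.bad.co.uk, then bad.co.uk, then co.uk.
    # Comparing whole labels with "equals" means notsomebaddomain.com never
    # matches a somebaddomain.com record.
    set labels [split $host "."]
    set blocked ""
    for { set i 0 } { $i <= [llength $labels] - 2 } { incr i } {
        set candidate [join [lrange $labels $i end] "."]
        if { [class match -- $candidate equals domain_blacklist] } {
            set blocked $candidate
            break
        }
    }

    if { $blocked ne "" } {
        # Record which host was requested and which record it matched
        log local0. "[IP::client_addr] requested $host, matched blacklist entry $blocked"

        # send a TCP reset
        reject
    }
}
```

Single-label or empty Host values skip the loop and are passed through unchanged.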