Forum Discussion
Valentine_96813
Nimbostratus
NimbostratusBlock Domain redirect
I have an instance where someone has created a derrogatory subdomain in external DNS and is redirecting to one of our production VSs. Is there a way to log/block redirects from a specific subdomain i...
nitass_89166
Noctilucent
Noctilucentthis is another example.
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.65.152:http
ip protocol tcp
rules myrule
profiles {
http {}
tcp {}
}
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
if {[class match -- [string tolower [HTTP::host]] starts_with domain_blacklist]}{
log local0. "[IP::client_addr]:[TCP::client_port]|[HTTP::host]|[HTTP::uri]"
reject
}
}
}
[root@ve1023:Active] config b class domain_blacklist list
class domain_blacklist {
{
"anotherbaddomain"
"somebaddomain"
}
}
[root@ve1023:Active] config curl -I http://somebaddomain.abc.com/
curl: (52) Empty reply from server
[root@ve1023:Active] config
Nov 15 23:30:47 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:41065|somebaddomain.abc.com|/
[root@ve1023:Active] config curl -I http://anotherbaddomain.abc.com/
curl: (52) Empty reply from server
[root@ve1023:Active] config
Nov 15 23:30:53 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:41067|anotherbaddomain.abc.com|/
SnlCirrostratus
Hi Nitass
The irule example provided can block source based domain or destination?
i am looking for similar irule where want to block specific source domains using data group list towards destination domain xyz.com which hosted on my F5
example block abc.com domain as source(initiate request) to access xyz.com domain
BR/
snl
