F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Oct 23, 2023

Block outbound connections via DNS rather than server_connected

I have an iRule that calls on a datagroup to block outbound traffic from my office to certain countries. The iRule is working, but I am using iRule event "server_connected" and when that occurs it ju...
devops
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Oct 24, 2023

Try creating a new virtual server, where it's safe to experiment with the iRule. You can try the iRule below.

when LB_SELECTED {
  log local0. "LB_SELECTED: debug"
  
  if ([class match [whereis [LB::server addr] country] equals "OutboundBlacklist"])}{
    log local0. "LB_SELECTED: [LB::server addr] found on OutboundBlacklist -> reject" 
    reject
  }
}

when SERVER_CONNECTED {
  log local0. "SERVER_CONNECTED: debug"
  
  if {([class match [whereis [IP::server_addr] country] equals "OutboundBlacklist"])}{
    log local0. "SERVER_CONNECTED: [IP::server_addr] found on OutboundBlacklist -> reject"
    reject
  }
}

 As you can see the iRule contains some extra logging options. You should see the output in /var/log/ltm. Try sending some traffic through your test virtual server and check the logs. 

About the HTTP_REQUEST event. When this event is triggered, there is no information about the server side server IP-address yet. Remember you have the client side client, client side server, server side client and server side server IP-addresses. Your action needs to to match the server side server IP-address. 

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Oct 25, 2023

Awesome, I will definitely give this a try and report back when we do. I really appreciate your time and assistance!