F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Scott_Larson's avatar
Scott_Larson
Icon for Nimbostratus rankNimbostratus
Jul 03, 2007

Block until NAME::lookup returns?

For my iRule, I need to perform a reverse DNS lookup, and determine if a client IP is from a domain ending in .mil or .gov. This determines whether or not they need to authenticate. The authenticati...
application delivery
dev
devops
iRules
Chris_Proctor_1's avatar
Chris_Proctor_1
Icon for Nimbostratus rankNimbostratus
Aug 16, 2007
I know this is a bit off topic, but isn't using the reverse lookup to bypass authentication inherently insecure? If the person making the attempt controls their own reverse lookup then they can respond with anything they'd like to.

 

 

I don't know if there is a whois capability in irules, but that would be the only way I would "trust" who truly owns the source IP. Even there, the would be some challenges. Reverse lookups by themselves though... hmm. My security feelers are tingling.