F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Scott_Larson's avatar
Scott_Larson
Icon for Nimbostratus rankNimbostratus
Jul 03, 2007

Block until NAME::lookup returns?

For my iRule, I need to perform a reverse DNS lookup, and determine if a client IP is from a domain ending in .mil or .gov. This determines whether or not they need to authenticate. The authentication works fine; even the NAME::lookup works fine (thru much trial and tribulation due to lacking documentation!!!) The problem is that since NAME::lookup is an asynchronous function, I need to block (wait) all HTTP requests until the lookup returns and I can determine whether the client is or isn't from .mil/.gov. The lookup is quick - nearly immediate - but it's not synchronous.

 

 

How does one block until the NAME_RESOLVED event fires?

 

Or, is there a synchronous version of the NAME::lookup function? or a TCL version of the function that might work?

 

Or does anyone have any other ideas?

 

application delivery
dev
devops
iRules

11 Replies

Show More
  • Chris_Proctor_1's avatar
    Chris_Proctor_1
    Icon for Nimbostratus rankNimbostratus
    Aug 16, 2007
    I know this is a bit off topic, but isn't using the reverse lookup to bypass authentication inherently insecure? If the person making the attempt controls their own reverse lookup then they can respond with anything they'd like to.

     

     

    I don't know if there is a whois capability in irules, but that would be the only way I would "trust" who truly owns the source IP. Even there, the would be some challenges. Reverse lookups by themselves though... hmm. My security feelers are tingling.