Forum Discussion
Block URL iRule
Hi,
I am trying to block URLs based on the DNS request:
when DNS_REQUEST {
    if { [class match [DNS::question name] contains "URL_blocking"] } {
        log local0. "website blocked [DNS::question name]"
        DNS::header rcode NXDOMAIN
        DNS::return
    }
}
If I define le.com and *.le.com:
Query le.com -> returns NXDOMAIN
Query -> returns NXDOMAIN
Query google.com -> returns NXDOMAIN
My question is: can I use wildcards in the datagroup? Is there a better way to achieve this?
Thanks for your help
- oguzy
Cirrostratus
Hi Thomas,
According to the answers to a similar question in the following link, iRule Data Group with string and regex, it is not possible to use regex or wildcards in a data group object. However, I cannot find any formal explanation of it.
- samstep_81205
Nimbostratus
As it is DNS we are talking about, how about you only store the domain in the datagroup and replace the "contains" operator with "ends_with" in your iRule? I think this will achieve what you want, right? So in the datagroup you only store the core domain you are after, e.g. ".google.com"; this will match "play.google.com", "docs.google.com" etc. because they all end with ".google.com"!
Your current solution with "contains" will also kind of work... however, "contains" means found anywhere within the string, so it will match "; while "ends_with" is what you probably want with DNS.
- Thomas_Leroy
Nimbostratus
For those interested, this is the best solution I found:
when DNS_REQUEST {
    # lower-case the query name so the datagroup lookup is case-insensitive
    set lower [string tolower [DNS::question name]]
    # split into labels and take the one just before the TLD (e.g. "le" from "www.le.com")
    set q_name_label_split [split $lower "."]
    set q_name_label [lindex $q_name_label_split end-1]
    if { [class match $q_name_label equals "URL_blocking"] } {
        log local0. "website blocked [DNS::question name] <$q_name_label> $q_name_label $lower"
        DNS::header rcode NXDOMAIN
        DNS::return
    }
}
I split the request and get the domain to compare to my list
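An added example, written for this page and not code from the thread or from F5, that runs the three datagroup strategies discussed above over constructed query names: the original "contains" match, the "ends_with" suggestion (anchored here at a label boundary so that an entry like le.com cannot match google.com), and the second-level-label split from the final iRule. The datagroup entries and query names are constructed for the comparison; the functions mirror the iRule operators, they do not call any F5 API.

```python
"""Compare datagroup matching strategies for DNS query names.

Added example, not code from the DevCentral thread or from F5. The
entries and query names below are constructed to show where each
strategy over-blocks or under-blocks.
"""


def normalize(qname: str) -> str:
    """Lower-case the name and drop a trailing dot, like `string tolower`
    in the iRule; clients vary the case of query names, so compare the
    canonical form."""
    return qname.rstrip(".").lower()


def match_contains(qname: str, entries: set[str]) -> bool:
    """`class match ... contains`: the entry may appear anywhere in the name,
    so "le.com" also matches "google.com"."""
    q = normalize(qname)
    return any(e in q for e in entries)


def match_ends_with(qname: str, entries: set[str]) -> bool:
    """`ends_with`, anchored at a label boundary: the entry must be the whole
    name or a suffix that starts right after a dot."""
    q = normalize(qname)
    return any(q == e or q.endswith("." + e) for e in entries)


def second_level_label(qname: str) -> str:
    """The iRule's `lindex [split $name "."] end-1`: the label just before the TLD."""
    labels = normalize(qname).split(".")
    return labels[-2] if len(labels) >= 2 else ""


def match_label(qname: str, entries: set[str]) -> bool:
    """The final iRule's approach: exact match on the second-level label."""
    return second_level_label(qname) in entries


# Constructed datagroup contents for each strategy.
CONTAINS_ENTRIES = {"le.com"}
ENDS_WITH_ENTRIES = {"le.com"}
LABEL_ENTRIES = {"le"}

# Constructed query names: the ones from the thread plus edge cases.
QUERIES = ["le.com", "www.le.com", "google.com", "LE.COM.", "le.co.uk", "le.net"]


def evaluate(queries=QUERIES) -> dict[str, dict[str, bool]]:
    """Return, per query name, whether each strategy would answer NXDOMAIN."""
    return {
        q: {
            "contains": match_contains(q, CONTAINS_ENTRIES),
            "ends_with": match_ends_with(q, ENDS_WITH_ENTRIES),
            "label": match_label(q, LABEL_ENTRIES),
        }
        for q in queries
    }


if __name__ == "__main__":
    for q, result in evaluate().items():
        verdicts = "  ".join(f"{k}={'BLOCK' if v else 'pass '}" for k, v in result.items())
        print(f"{q:12} {verdicts}")
```

Running it reproduces the behaviour reported in the thread: with "contains", google.com is blocked because it contains the substring le.com. The anchored "ends_with" form blocks le.com and its subdomains only. The label split blocks le.com and www.le.com as intended, but it also blocks le.net (any TLD with the same second-level label) and misses le.co.uk, because the label before the TLD there is "co"; that is the trade-off to weigh before relying on it.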