Forum Discussion
mobile_support_
Nimbostratus
NimbostratusDNS domain blocking using UDP payload
hi, , we are trying to filter some DNS quueries in our bigIP, but face some problems - running version is 10.1 - only LTM license that means we can not use DNS irules statements, so we though about u...
Matt_Breedlove_Nimbostratus
NimbostratusHi Mohamed,
Generally, "matchclass" is deprecated I believe for 10 and 11.x. It would be class match, but that is specific to datagroups. You are not using datagroups correct?
So your statement "matchclass $payload contains "google" wouldnt really make sense, that just looks like a standard string "if" statement with no datagroup.
Secondly, the CLIENT_ACCEPTED event is only the beginning of the layer 4 session. If you want to process the actual data of the layer 4 session and since this is UDP versus TCP/HTTP you would probably want to use the CLIENT_DATA event to try to process and string match the UDP payload data. There may be some portion of the data available to parse in CLIENT_ACCEPTED but you should really process the data portion of the payload in the CLIENT_DATA event unless someone knows better or there is an exception with UDP versus TCP/HTTP