Forum Discussion

Nimbostratus

Jun 18, 2014

DNS domain blocking using UDP payload

hi, , we are trying to filter some DNS quueries in our bigIP, but face some problems - running version is 10.1 - only LTM license that means we can not use DNS irules statements, so we though about u...

Nimbostratus

Jun 22, 2014

I ran into the same issue. Here is something that might work.

It was taken from

https://devcentral.f5.com/wiki/iRules.fast_DNS.ashx

when CLIENT_ACCEPTED {
    binary scan [UDP::payload] H4@12A*@12H* id dname question
     set dname [string tolower [getfield $dname \x00 1 ] ]
    switch -glob $dname {
       "\x03www\x06google\x03com" {
          log local0. "This matches www.google.com"
          drop
       }
   }   
}

I hope this helps

-=Bhattman=-

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DNS domain blocking using UDP payload

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

domain blocking

Enriching AFM with public domain Threat Intelligence

Blocking domains

Block IP after a number of ASM Blocks

HTTP Payload Collection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS