Forum Discussion

Nimbostratus

Aug 12, 2011

F5 iRule to reject/allow outbound access based on URI, DNS

because we have a FW that allows access outbound based on IP only, wondering if there is a way in the F5 to allow outbound access or reject access based on URI or DNS lookups. example: webse...

Historic F5 Account

Aug 12, 2011

Yes, you can certainly do this as long as your webservers are routing through the BIG-IP. This would just require a simple iRule on whatever internal VIP the servers are routing through to inspect the HTTP request and deny based on host.

Something like:


when HTTP_REQUEST {
  if {[HTTP::host] ne "www.yahoo.com" } {
    reject
  }
}

Obviously that's very simple, but that's the basic idea.

Colin

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 iRule to reject/allow outbound access based on URI, DNS

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Lightboard Lessons: SSL Outbound Visibility

Behavior of outbound DNS query from LTM behavior

Outbound SFTP

OWASP Tactical Access Defense Series: Unrestricted Resource Consumption

F5's Access Policy Manager the Access Proxy for Zero Trust Architectures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS