GTM iRule to return alternate DNS result based on user-agent

Question

Hi All,&nbsp;
This is more of a theoretical question at this point, but would it be possible to create an iRule on our GTM that would return a different DNS result based on the incoming client's user-agent setting? Specifically, if we identify it as a sanctioned crawler/bot, we'd like to return the IP address of our standby site, and for everything else, continue to return the DNS result that would point them to the primary site. &nbsp;
I know you can send traffic to a seperate pool on an LTM based on user-agent, but in our case, it would be better to send them to the alternate site, and not just an alternate pool. I've seen an example iRule that would blackhole a DNS request or send to a different site based on incoming source domain, but nothing specifically about doing it based on user-agent.&nbsp;
Like I said, at this point, it's more of a conceptual question at this point. Any feedback would be much appreciated.&nbsp;
Thanks in advance,&nbsp;
-Don&nbsp;
 &nbsp;

kevin_stewart · Answer

If that we're possible it'd solve a lot of other problems, but unfortunately the GTM DNS request doesn't see the user-agent header. That's not visible until the browser makes a layer 7 request to the LTM. It would, however, be trivial to redirect a request to a different site in an LTM iRule. You'd likely have to use an IP address or a different name that resolves to the remote site, but it's still doable. 
&nbsp;  
&nbsp; Do the sanctioned bots come from known IP spaces? &nbsp;

don_whitlow_254 · Answer

Hey Kevin,&nbsp;
Thanks for the reply. That's what I was worried about. We could point the requests to another site at the LTM level, but we need to keep the site name intact. Think googlebot crawling a site. We want to keep the www.mydomain.com results. I know we could do it with a pool of servers in the same datacenter on the LTM, but that would require building out a couple more servers and keeping them in sync with the primary pool. Since we already do that with our standby site in the other datacenter, I was just looking for a way to get some use out of the otherwise under-used servers.&nbsp;
Thanks again for confirming.&nbsp;
-Don&nbsp;
 &nbsp;

Forum Discussion

GTM iRule to return alternate DNS result based on user-agent

2 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

GIS app loading very slow through F5 LTM

HTTP2 iRule manipulation

Apmd memory and swap grows over time

ASM bd daemon crash while processing request body (SIGSEGV) – anyone seen similar behavior?

F5 APM irule to log the VPN session parameters

Related Content

The Ingress NGINX Alternative: F5 NGINX Ingress Controller for the Long Term

The return of DevCentral CodeShare.

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

HTTP throttle alternative

User-Agent Irule to avoid APM policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS