Forum Discussion
srinivas_nory_2
Nimbostratus
NimbostratusIrule to restrict traffic based on domain name
Hello,
I was wondering if there was a way to use an I rule based on the domain name of the host and deny all the traffic apart from those specific domain names ?
Example :
We have a d...
srinivas_nory_2Nimbostratus
NimbostratusHi Maneesh,
Thank you for the quick response, on the http header we are reading the host entry for mydomain.com or mydomian.in, usually this host entry is for the internet host of the resouce being requested.
so machine from the lan with domain mydomain.com / mydomain.in when sends out a request does the http header of host file will be machinename.mydomain.com / machinename.mydomain.in ? Any machine not being on these domain should be rejected.
Can you please let me know if the rule suffices the source based restirction ?
Thanks
TechT_163800The above irule will help only when you are trying to access mydomain.com/mydomain.in urls on your web browser. For your source based requirement, why dont we go with specific subnet instead of domain name ?- srinivas_nory_2Manish, i am having a discussion the source based ip settings but the requirement of the client wanted it to be more with domain based as we have quite a number of domain and network segregation based. So is there a way we can do a source based restirction using domain ?
- TechT_163800i wonder how LB can read source domain names(may be i am lacking here), if it was IP we could have match with "class match [IP::client_addr]"
- srinivas_nory_2I did try the opition to create a data group with strings matching the domain values and called it i rule but havent got the functionality up and running. so was wondering if there is any way to read a host name and filter the traffic.
- TechT_163800Hi Srini, found couple of links which will help you to configure through reverse lookup. have a check : https://devcentral.f5.com/codeshare?sid=452 https://devcentral.f5.com/questions/how-to-select-a-pool-based-on-clients-hostname
