Forum Discussion
Is there F5 ip intelligence based on domain/FQDN (domain intelligence)?
I ask this question because for example for email security an email can be blocked if the source IP and/or source domain (DNS FQDN) are in a blacklist. From what I read the F5 Ip intelligence provides only a feed for bad IP addresses but there are attackers that use DYNAMIC DNS: DATA EXFILTRATION can change the domain related ip addresses very often and this could a usefull feature if not present at the moment.
Yea! I'm using this codeshare with great sucess!
this code validates the query FQDN with URL Feed and also can validate the response with IPI.
- Bernabe_Crena
Yea! I'm using this codeshare with great sucess!
this code validates the query FQDN with URL Feed and also can validate the response with IPI.
Aha , so with the SWG URL database I can create data groups and then use them in an iRule including and irule HTTP requests(when HTTP_REQUEST) or for the DNS requests (when DNS_REQUEST ) :)
create ltm data-group internal dns_request_url_categories_dg type string
modify ltm data-group internal dns_request_url_categories_dg records add {"Adult_Content"}
F5 needs to better document this solution as it seems to not be well known.
Also maybe with the SIDEBAND function I can reference also a free URL/FQDN database, using HTTP(S) as the communication protocol, in the iRule and use it in checking the DNS FQDN domains or URLs. Again thanks for the idea.
No, only bad IP addresses.
Thanks for the answer.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on