Block requests by reverse DNS record
Problem this snippet solves: This iRule performs a reverse DNS lookup on the client IP address and blocks any which don't match a specific top level domain. This specific example sends an HTTP respo...
Published Mar 16, 2015
Version 1.0
Author: hoolio, VP of Solutions at WorldTech IT

John_Beckmann (Employee), Mar 08, 2016:
The bug (BZ 340659, https://support.f5.com/kb/en-us/solutions/public/12000/300/sol12378.html) was resolved in 10.2.2, so I am sharing an updated iRule to do this in 11.x
==========================================================================
when RULE_INIT {
    # Set debug to 0 for no logging
    # Set debug to 1 to just log blocks
    # Set debug to 2 to log blocks and valid requests
    set static::debug 1
    # Ensure this points to your Data Group (a string data group of blocked domains)
    set static::domain_blacklist_dg "domain_block_blacklist"
    # Set IP for your DNS Server
    set static::my_dns 192.168.10.1
    # Or set the name of a local DNS Virtual Server instead of the IP.
    # Only one of the two assignments may be active; a second one would overwrite the first.
    # set static::my_dns my_dns_vs
}
when CLIENT_ACCEPTED {
    # Per-connection state: the reverse lookup runs once per TCP connection,
    # on the first HTTP request, and its verdict is reused for later requests.
    set do_lookup 1
    set is_blocked 0
    set full_domain ""
    set base_domain ""
    if { $static::debug > 1 } { log local0. "Connection Accepted from IP_Addr:[IP::remote_addr]" }
}
when HTTP_REQUEST {
    if { $static::debug > 1 } {
        log local0. "Processing Request from IP_Addr:[IP::remote_addr]"
        log local0. "Do Lookup: $do_lookup Is Blocked: $is_blocked"
        log local0. "My_DNS: $static::my_dns"
    }
    if { $do_lookup } {
        # Grab the client domain via a reverse (PTR) lookup of the IP address.
        # An IP with no PTR record yields an empty string and is therefore never blocked.
        set full_domain [RESOLV::lookup @$static::my_dns inet -ptr [IP::remote_addr]]
        # Grab the base domain (top level plus the label before it) from full_domain
        set base_domain [join [lrange [split $full_domain .] end-1 end] .]
        set do_lookup 0
    }
    if { $is_blocked } {
        if { $static::debug > 0 } {
            log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain blacklisted (Already Blocked)"
            log local0. "Full Domain: $full_domain"
        }
        # Send a TCP reset
        reject
    } else {
        # Block when any data group entry is a substring of the base domain
        if { [class match $base_domain contains $static::domain_blacklist_dg] } {
            if { $static::debug > 0 } {
                log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain blacklisted (Blocked)"
                log local0. "Full Domain: $full_domain"
            }
            set is_blocked 1
            # Send a TCP reset
            reject
        } else {
            if { $static::debug > 1 } { log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain $full_domain Accepted" }
        }
    }
}
==========================================================================
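The block decision above, modelled offline in Python as an added example (not the iRule or any F5 code), so the two edge cases a defender should know about can be seen without a BIG-IP: a client with no PTR record is never blocked, and the two-label base domain collapses names under ccTLDs such as co.uk, so a data group entry like evil.co.uk never matches. PTR_TABLE and DOMAIN_BLACKLIST are constructed stand-ins for the resolver and the data group; base_domain and class_match_contains are assumed names mirroring the two Tcl expressions.

```python
"""Offline model of the reverse-DNS block decision in the iRule above.
Added example: the resolver and the data group are stubbed with
constructed values, so nothing here talks to a BIG-IP or a DNS server."""

# Constructed PTR answers standing in for RESOLV::lookup ... -ptr results.
# An IP with no PTR record yields "" exactly as the iRule would see it.
PTR_TABLE = {
    "198.51.100.7": "crawler-7.badbots.example",
    "203.0.113.9": "mail.partner.example",
    "192.0.2.20": "",                      # no PTR record published
    "198.51.100.44": "host44.evil.co.uk",  # name under a ccTLD
}

# Constructed stand-in for the string data group "domain_block_blacklist".
DOMAIN_BLACKLIST = {"badbots.example", "evil.co.uk"}


def base_domain(full_domain: str) -> str:
    """Mirror of: join [lrange [split $full_domain .] end-1 end] .
    Keeps only the last two labels, so host44.evil.co.uk becomes co.uk."""
    return ".".join(full_domain.split(".")[-2:])


def class_match_contains(value: str, data_group: set) -> bool:
    """Mirror of 'class match $value contains $dg' on a string data group:
    true when any data-group entry occurs as a substring of value."""
    return any(entry in value for entry in data_group)


def decide(client_ip: str) -> dict:
    """Run the per-connection decision for one client IP."""
    full = PTR_TABLE.get(client_ip, "")
    base = base_domain(full)
    blocked = class_match_contains(base, DOMAIN_BLACKLIST)
    return {"full_domain": full, "base_domain": base, "blocked": blocked}


if __name__ == "__main__":
    for ip in PTR_TABLE:
        verdict = decide(ip)
        action = "reject" if verdict["blocked"] else "accept"
        print(f"{ip:15} ptr={verdict['full_domain']!r:30} "
              f"base={verdict['base_domain']!r:20} -> {action}")
```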