Block requests by reverse DNS record
Problem this snippet solves: This iRule performs a reverse DNS lookup on the client IP address and blocks any which don't match a specific top level domain. This specific example sends an HTTP respo...
Published Mar 16, 2015
Version 1.0
hooleylist
Cirrostratus
Joined September 08, 2005
Heinrichm5
Feb 12, 2020
Altocumulus
Thank you, John, this is exactly the snippet I needed to get the lookup to work.
For anyone else needing this snippet, I've formatted it as code.
Not certain I've inserted all the new lines needed.
when RULE_INIT {
    # Set debug to 0 for no logging
    # Set debug to 1 to just log blocks
    # Set debug to 2 to log blocks and valid requests
    set static::debug 1
    # Ensure this points to your Data Group
    set static::domain_blacklist_dg "domain_block_blacklist"
    # Set IP for your DNS Server
    set static::my_dns 192.168.10.1
    # Set name of VS if using a local Virtual Server
    #set static::my_dns my_dns_vs
}
when CLIENT_ACCEPTED {
    # Per-connection state: look up once, then reuse the verdict for every request on the connection
    set do_lookup 1
    set is_blocked 0
    set full_domain ""
    set base_domain ""
    if { $static::debug > 1 } { log local0. "Connection Accepted from IP_Addr:[IP::remote_addr]" }
}
when HTTP_REQUEST {
    if { $static::debug > 1 } {
        log local0. "Processing Request from IP_Addr:[IP::remote_addr]"
        log local0. "Do Lookup: $do_lookup Is Blocked: $is_blocked"
        log local0. "My_DNS: $static::my_dns"
    }
    if { $do_lookup } {
        # grab the client base domain reverse lookup of IP Address
        set full_domain [RESOLV::lookup @$static::my_dns inet -ptr [IP::remote_addr]]
        # grab the base domain (top level plus subdomain) from full_domain
        set base_domain [join [lrange [split $full_domain .] end-1 end] .]
        set do_lookup 0
    }
    if { $is_blocked } {
        if { $static::debug > 0 } {
            log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain blacklisted (Already Blocked)"
            log local0. "Full Domain: $full_domain"
        }
        # send a TCP reset
        reject
    } else {
        if { [class match $base_domain contains $static::domain_blacklist_dg] } {
            if { $static::debug > 0 } {
                log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain blacklisted (Blocked)"
                log local0. "Full Domain: $full_domain"
            }
            set is_blocked 1
            # send a TCP reset
            reject
        } else {
            if { $static::debug > 1 } {
                log local0. "IP_Addr:[IP::remote_addr] Reverse_Lookup:$base_domain $full_domain Accepted"
            }
        }
    }
}
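The following is an added example, not code from the DevCentral snippet or from either poster: a Python model of the iRule's decision logic (one reverse lookup per connection, last-two-label base domain, `class match ... contains` as substring matching) run against a constructed PTR table and a constructed block list, so the edge cases a defender needs to decide on can be exercised offline. The table, the block list entries and the IP addresses are all made up; `reverse_lookup` stands in for `RESOLV::lookup -ptr` and is not F5 code.

```python
# Added example (not part of the DevCentral snippet): a Python model of the
# iRule's decision logic, driven by an in-memory PTR table instead of a real
# DNS server so the edge cases can be run offline.
from dataclasses import dataclass

# Constructed PTR table standing in for the DNS server at static::my_dns.
# A missing or empty entry models a lookup that returns no answer
# (RESOLV::lookup then yields an empty string).
PTR_TABLE = {
    "203.0.113.10": "crawler-17.badbots.example",   # listed domain
    "203.0.113.11": "mail.example.co.uk",           # multi-label public suffix
    "203.0.113.12": "host.notbadbots.example",      # superstring of a listed domain
    "198.51.100.5": "",                             # no PTR answer
}

# Constructed data group standing in for domain_block_blacklist.
BLOCKLIST = ["badbots.example"]


def reverse_lookup(ip: str) -> str:
    """Model of RESOLV::lookup -ptr: the PTR name, or "" when there is no answer."""
    return PTR_TABLE.get(ip, "")


def base_domain(full_domain: str) -> str:
    """Tcl: [join [lrange [split $full_domain .] end-1 end] .]
    Keeps only the last two labels, whatever the public suffix is."""
    labels = full_domain.split(".")
    return ".".join(labels[-2:])


def matches_blocklist(domain: str, blocklist) -> bool:
    """Model of [class match $domain contains $dg]: true when any data-group
    key is a substring of the domain. An empty domain never matches."""
    if not domain:
        return False
    return any(entry and entry in domain for entry in blocklist)


@dataclass
class Connection:
    """Per-connection variables as set in CLIENT_ACCEPTED."""
    ip: str
    do_lookup: bool = True
    is_blocked: bool = False
    full_domain: str = ""
    base_domain: str = ""


def http_request(conn: Connection, blocklist=BLOCKLIST) -> str:
    """Model of the HTTP_REQUEST event; returns "reject" (TCP reset) or "accept"."""
    if conn.do_lookup:
        conn.full_domain = reverse_lookup(conn.ip)
        conn.base_domain = base_domain(conn.full_domain)
        conn.do_lookup = False            # one lookup per TCP connection
    if conn.is_blocked:
        return "reject"                   # already blocked: reset without re-matching
    if matches_blocklist(conn.base_domain, blocklist):
        conn.is_blocked = True
        return "reject"
    return "accept"


def run_demo() -> dict:
    """Two requests per connection for every constructed client.
    Returns ip -> (base_domain, first verdict, second verdict)."""
    results = {}
    for ip in PTR_TABLE:
        conn = Connection(ip)
        first = http_request(conn)
        second = http_request(conn)       # same connection, no second lookup
        results[ip] = (conn.base_domain, first, second)
    return results


if __name__ == "__main__":
    for ip, (base, first, second) in run_demo().items():
        print(f"{ip:14} base={base!r:24} first={first} second={second}")
```

Three behaviours are worth deciding on deliberately before deploying the rule. A client with no PTR record (or an unreachable resolver) gets an empty base domain and is accepted, so the check fails open. The last-two-label extraction turns `mail.example.co.uk` into `co.uk`, so a data-group entry for `example.co.uk` would never match. And because `contains` is substring matching, `badbots.example` also blocks `notbadbots.example`; use `equals` or `ends_with` with leading-dot entries if exact domains are intended. Note also that PTR records are published by whoever operates the address's reverse zone, so the name is a reputational hint rather than an identity.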