DNS Black Hole Response Page

Problem this snippet solves:

DNS Black Hole response Page

Code :

# Author: Hugh O.Donnell, F5 Consulting


    # the static HTML pages include the logo that is referenced in HTML as corp-logo.gif
    # intercept requests for this and reply with the image that is stored in an iFile defined in RULE_INIT below
    if {[HTTP::uri] ends_with "/_maintenance-page/corp-logo.png" } {
        # Present
       HTTP::respond 200 content $static::corp_logo

    } else {
        # Request for Blackhole webpage.  Identify what type of block was in place
        switch -glob [class match -value ".]HTTP::host[" ends_with Blackhole_Class ] {
                "virus"     { set block_reason "Virus site" }
                "phishing"     { set block_reason "Phishing site" }
                "generic"     { set block_reason "Unacceptable Usage" }
                default     { set block_reason "Denied Per Policy - Other Sites" }

        # Log details about the blackhole request to the remote syslog server
        log -noname local0. "Blackhole: From [IP::client_addr]:[TCP::client_port] \
          to [IP::local_addr]:[TCP::local_port], [HTTP::request_num], \
          [HTTP::method],[HTTP::uri],[HTTP::version], [HTTP::host],  [HTTP::header value Referer], \
          [HTTP::header User-Agent], [HTTP::header names],[HTTP::cookie names], BH category: $block_reason,"

        # Send an HTML page to the user.  The page is defined in the RULE_INIT event below
        HTTP::respond 200 content "$static::block_page [HTTP::host][HTTP::uri] $static::after_url $block_reason $static::after_block_reason "

when RULE_INIT {
    # load the logo that was stored as an iFile
    set static::corp_logo [ifile get "/Common/f5ball"]

    # Beginning of the block page
    set static::block_page "
        Web Access Denied - Enterprise Network Operations Center

Access has been denied. URL: " set static::after_url "

Your request was denied because it is blacklisted in DNS. Blacklist category: " set static::after_block_reason "

The Internet Gateways are for official use only. Misuse violates policy. If you believe that this site is categorized incorrectly, and that you have a valid business reason for access to this site please contact your manager for approval and the Enterprise Network Operations Center via E-mail: enoc@example.com Please use the Web Access Request Form and include a business justification.   Only e-mail that originates from valid internal e-mail addresses will be processed. If you do not have a valid e-mail address, your manager will need to submit a request on your behalf.

Generated by bigip1.f5.com.

" }
Published Mar 17, 2015
Version 1.0

Was this article helpful?