For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

DNS Black Hole Response Page

Problem this snippet solves:

DNS Black Hole response Page

Code :

# Author: Hugh O.Donnell, F5 Consulting

when HTTP_REQUEST {

    # the static HTML pages include the logo that is referenced in HTML as corp-logo.gif
    # intercept requests for this and reply with the image that is stored in an iFile defined in RULE_INIT below
    if {[HTTP::uri] ends_with "/_maintenance-page/corp-logo.png" } {
        # Present
       HTTP::respond 200 content $static::corp_logo

    } else {
        # Request for Blackhole webpage.  Identify what type of block was in place
        switch -glob [class match -value ".]HTTP::host[" ends_with Blackhole_Class ] {
                "virus"     { set block_reason "Virus site" }
                "phishing"     { set block_reason "Phishing site" }
                "generic"     { set block_reason "Unacceptable Usage" }
                default     { set block_reason "Denied Per Policy - Other Sites" }
        }

        # Log details about the blackhole request to the remote syslog server
        log -noname local0. "Blackhole: From [IP::client_addr]:[TCP::client_port] \
          to [IP::local_addr]:[TCP::local_port], [HTTP::request_num], \
          [HTTP::method],[HTTP::uri],[HTTP::version], [HTTP::host],  [HTTP::header value Referer], \
          [HTTP::header User-Agent], [HTTP::header names],[HTTP::cookie names], BH category: $block_reason,"

        # Send an HTML page to the user.  The page is defined in the RULE_INIT event below
        HTTP::respond 200 content "$static::block_page [HTTP::host][HTTP::uri] $static::after_url $block_reason $static::after_block_reason "
    }   
}


when RULE_INIT {
    # load the logo that was stored as an iFile
    set static::corp_logo [ifile get "/Common/f5ball"]

    # Beginning of the block page
    set static::block_page "
        
        
        Web Access Denied - Enterprise Network Operations Center
        
        
        
        
        
        
        
        

 
                   

                        
                        

                             
\"Enterprise

                        

                    

                    

                    

                        
Access has been denied. URL: "

    set static::after_url "
 
                    Your request was denied because it is blacklisted in DNS. 
                    Blacklist category: "

    set static::after_block_reason "
                    

                    The Internet Gateways are for official use only. Misuse violates policy.
                    If you believe that this site is categorized incorrectly, and that you have a valid business
                    reason for access to this site please contact your manager for approval
                    and the Enterprise Network Operations Center via
                    
                    E-mail: enoc@example.com 
                    Please use the Web Access Request Form and include a business justification.
                     
                    Only e-mail that originates from valid internal e-mail addresses will be processed. 
                    If you do not have a valid e-mail address, your manager will need to submit a request on your behalf.
                    
                    

                    Generated by bigip1.f5.com.
                

                

            

             
        "
}
Published Mar 17, 2015
Version 1.0
application delivery
devops
dns
iRules