DNS Black Hole Response Page
Problem this snippet solves:
DNS Black Hole response Page
Code :
# Author: Hugh O.Donnell, F5 Consulting
when HTTP_REQUEST {
# the static HTML pages include the logo that is referenced in HTML as corp-logo.gif
# intercept requests for this and reply with the image that is stored in an iFile defined in RULE_INIT below
if {[HTTP::uri] ends_with "/_maintenance-page/corp-logo.png" } {
# Present
HTTP::respond 200 content $static::corp_logo
} else {
# Request for Blackhole webpage. Identify what type of block was in place
switch -glob [class match -value ".]HTTP::host[" ends_with Blackhole_Class ] {
"virus" { set block_reason "Virus site" }
"phishing" { set block_reason "Phishing site" }
"generic" { set block_reason "Unacceptable Usage" }
default { set block_reason "Denied Per Policy - Other Sites" }
}
# Log details about the blackhole request to the remote syslog server
log -noname local0. "Blackhole: From [IP::client_addr]:[TCP::client_port] \
to [IP::local_addr]:[TCP::local_port], [HTTP::request_num], \
[HTTP::method],[HTTP::uri],[HTTP::version], [HTTP::host], [HTTP::header value Referer], \
[HTTP::header User-Agent], [HTTP::header names],[HTTP::cookie names], BH category: $block_reason,"
# Send an HTML page to the user. The page is defined in the RULE_INIT event below
HTTP::respond 200 content "$static::block_page [HTTP::host][HTTP::uri] $static::after_url $block_reason $static::after_block_reason "
}
}
when RULE_INIT {
# load the logo that was stored as an iFile
set static::corp_logo [ifile get "/Common/f5ball"]
# Beginning of the block page
set static::block_page "
Web Access Denied - Enterprise Network Operations Center
![\"Enterprise](\"/_maintenance-page/corp-logo.png\")
Access has been denied. URL: "
set static::after_url "
The Internet Gateways are for official use only. Misuse violates policy.
If you believe that this site is categorized incorrectly, and that you have a valid business
reason for access to this site please contact your manager for approval
and the Enterprise Network Operations Center via
E-mail: enoc@example.com
Please use the Web Access Request Form and include a business justification.
Only e-mail that originates from valid internal e-mail addresses will be processed.
If you do not have a valid e-mail address, your manager will need to submit a request on your behalf.
Generated by bigip1.f5.com.
"
}Published Mar 17, 2015
Version 1.0
jwham20
Nimbostratus
Nimbostratusjwham20Nimbostratus
Nimbostratus
Jay_Shankar_SinHi, I've used the blackhole iRule https://devcentral.f5.com/articles/v111-dns-blackhole-with-irules, sometimes it blocked the genuine page as well, and i changed few option like instead of ends_with, used eq or contains, then i saw CPU usage is very high. If possible, can we modify the iRule that control the CPU usage and it work properly. Thanks.....Jay