jwham20
Altocumulus

Problem this snippet solves:

DNS Black Hole response Page

Code :

# Author: Hugh O.Donnell, F5 Consulting

when HTTP_REQUEST {

    # the static HTML pages include the logo that is referenced in HTML as corp-logo.gif
    # intercept requests for this and reply with the image that is stored in an iFile defined in RULE_INIT below
    if {[HTTP::uri] ends_with "/_maintenance-page/corp-logo.png" } {
        # Present
        HTTP::respond 200 content $static::corp_logo

    } else {
        # Request for Blackhole webpage.  Identify what type of block was in place
        # Prepend a dot to the host so data group records such as ".example.com" match on a label boundary
        switch -glob [class match -value ".[HTTP::host]" ends_with Blackhole_Class ] {
                "virus"     { set block_reason "Virus site" }
                "phishing"     { set block_reason "Phishing site" }
                "generic"     { set block_reason "Unacceptable Usage" }
                default     { set block_reason "Denied Per Policy - Other Sites" }
        }

        # Log details about the blackhole request to the remote syslog server
        log -noname local0. "Blackhole: From [IP::client_addr]:[TCP::client_port] \
          to [IP::local_addr]:[TCP::local_port], [HTTP::request_num], \
          [HTTP::method],[HTTP::uri],[HTTP::version], [HTTP::host],  [HTTP::header value Referer], \
          [HTTP::header User-Agent], [HTTP::header names],[HTTP::cookie names], BH category: $block_reason,"

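        # Send an HTML page to the user.  The page is defined in the RULE_INIT event below
        # The host and URI come from the client, so HTML-encode them before placing them in the page
        set shown_url [string map {& &amp; < &lt; > &gt; \" &quot; ' &#39;} "[HTTP::host][HTTP::uri]"]
        HTTP::respond 200 content "$static::block_page $shown_url $static::after_url $block_reason $static::after_block_reason "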
    }   
}


when RULE_INIT {
    # load the logo that was stored as an iFile
    set static::corp_logo [ifile get "/Common/f5ball"]

    # Beginning of the block page
    set static::block_page "
        Web Access Denied - Enterprise Network Operations Center

\"Enterprise

Access has been denied. URL: "

    # Text between the URL and the block reason
    set static::after_url "

Your request was denied because it is blacklisted in DNS. Blacklist category: "

    # Remainder of the block page
    set static::after_block_reason "

The Internet Gateways are for official use only. Misuse violates policy. If you believe that this site is categorized incorrectly, and that you have a valid business reason for access to this site please contact your manager for approval and the Enterprise Network Operations Center via E-mail: enoc@example.com Please use the Web Access Request Form and include a business justification.   Only e-mail that originates from valid internal e-mail addresses will be processed. If you do not have a valid e-mail address, your manager will need to submit a request on your behalf.

Generated by bigip1.f5.com.

"
}
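
Added example (Python, not part of the original iRule or F5's code): an offline model of the `class match -value ".[HTTP::host]" ends_with Blackhole_Class` lookup above, for checking how Host values and data group records categorize before a list is loaded. The sample records, the case-sensitive comparison and the longest-match tie-break are assumptions, as is the `normalise` helper.

```python
import re

# Constructed sample records (suffix -> category); not taken from the page.
BLACKHOLE = {
    ".malware.example": "virus",
    ".login-verify.example": "phishing",
    "ads.example": "generic",  # no leading dot: not anchored on a label boundary
}

REASONS = {"virus": "Virus site", "phishing": "Phishing site",
           "generic": "Unacceptable Usage"}


def lookup(host_header, table=BLACKHOLE):
    """Model of: class match -value ".[HTTP::host]" ends_with Blackhole_Class.
    Assumptions: the comparison is case-sensitive, and the longest matching
    record wins when several match."""
    probe = "." + host_header
    hits = [k for k in table if probe.endswith(k)]
    return table[max(hits, key=len)] if hits else ""


def normalise(host_header):
    """Lower-case the Host value and drop a :port suffix and trailing dot."""
    return re.sub(r":\d+$", "", host_header.strip().lower()).rstrip(".")


def block_reason(category):
    """Same mapping as the iRule's switch; unknown or empty hits the default."""
    return REASONS.get(category, "Denied Per Policy - Other Sites")


def unanchored(table=BLACKHOLE):
    """Records that can match unrelated names ending in the same text."""
    return sorted(k for k in table if not k.startswith("."))


if __name__ == "__main__":
    for h in ("cdn.malware.example", "CDN.Malware.Example:8080",
              "roads.example", "malware.example."):
        print(f"{h!r:30} as written: {block_reason(lookup(h))!r:36}"
              f" normalised: {block_reason(lookup(normalise(h)))!r}")
    print("unanchored records:", unanchored())
```

In this model a Host value with upper-case letters or a port falls through to the default category in the log line, and a record without a leading dot also matches unrelated names such as `roads.example`.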
Comments
Jay_Shankar_Sin
Nimbostratus
Hi, I've used the blackhole iRule https://tstdmzdevcentral.olympus.f5net.com/articles/v111-dns-blackhole-with-irules. Sometimes it blocked the genuine page as well, and I changed a few options, like using eq or contains instead of ends_with; then I saw CPU usage is very high. If possible, can we modify the iRule so that it controls the CPU usage and works properly? Thanks, Jay
Version history
Last update:
‎17-Mar-2015 13:03