Is there F5 ip intelligence based on domain/FQDN (domain intelligence)?

Question

I ask this question because for example for email security an email can be blocked if the source IP and/or source domain (DNS FQDN) are in a blacklist. From what I read the F5 Ip intelligence provides only a feed for bad IP addresses but there are attackers that use DYNAMIC DNS: DATA EXFILTRATION can change the domain related ip addresses very often and this could a usefull feature if not present at the moment.

bernabe_crena · Accepted Answer

Yea! I'm using this codeshare with great sucess!

https://devcentral.f5.com/s/articles/dns-interception-protecting-the-client

this code validates the query FQDN with URL Feed and also can validate the response with IPI.

keesvandenbos · Answer

No, only bad IP addresses.

nikoolayy1 · Answer

Thanks for the answer.

nikoolayy1 · Answer

Aha , so with the SWG URL database I can create data groups and then use them in an iRule including and irule HTTP requests(when HTTP_REQUEST) or for the DNS requests (when DNS_REQUEST ) :)

create ltm data-group internal dns_request_url_categories_dg type string

modify ltm data-group internal dns_request_url_categories_dg records add {"Adult_Content"}

F5 needs to better document this solution as it seems to not be well known.

Also maybe with the SIDEBAND function I can reference also a free URL/FQDN database, using HTTP(S) as the communication protocol, in the iRule and use it in checking the DNS FQDN domains or URLs. Again thanks for the idea.

https://clouddocs.f5.com/api/irules/SIDEBAND.html

https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-Chunked-Transfer-APM-Access-etc.html

Forum Discussion

Is there F5 ip intelligence based on domain/FQDN (domain intelligence)?

4 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

The Power of IP Intelligence (IPI)

Enriching AFM with public domain Threat Intelligence

Intelligent Proxy Steering - Office365

IP-Intelligence and IP-Shunning

About IP intelligence