Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Is there F5 ip intelligence based on domain/FQDN (domain intelligence)?

Go to solution
Nikoolayy1
MVP
MVP

‎21-Mar-2021 05:34

I ask this question because for example for email security an email can be blocked if the source IP and/or source domain (DNS FQDN) are in a blacklist. From what I read the F5 Ip intelligence provides only a feed for bad IP addresses but there are attackers that use DYNAMIC DNS: DATA EXFILTRATION can change the domain related ip addresses very often and this could a usefull feature if not present at the moment.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Bernabe_Crena
F5 Employee
F5 Employee

‎10-May-2021 08:12

Yea! I'm using this codeshare with great sucess!

https://devcentral.f5.com/s/articles/dns-interception-protecting-the-client

this code validates the query FQDN with URL Feed and also can validate the response with IPI.

View solution in original post

4 REPLIES 4

Go to solution
KeesvandenBos
MVP
MVP

‎10-May-2021 05:10

No, only bad IP addresses.

Go to solution
Nikoolayy1
MVP
MVP
In response to KeesvandenBos

‎10-May-2021 07:06

Thanks for the answer.

0 Kudos

Go to solution
Bernabe_Crena
F5 Employee
F5 Employee

‎10-May-2021 08:12

Yea! I'm using this codeshare with great sucess!

https://devcentral.f5.com/s/articles/dns-interception-protecting-the-client

this code validates the query FQDN with URL Feed and also can validate the response with IPI.

Go to solution
Nikoolayy1
MVP
MVP
In response to Bernabe_Crena

‎12-May-2021 01:45

Aha , so with the SWG URL database I can create data groups and then use them in an iRule including and irule HTTP requests(when HTTP_REQUEST) or for the DNS requests (when DNS_REQUEST ) 🙂

 

create ltm data-group internal dns_request_url_categories_dg type string

modify ltm data-group internal dns_request_url_categories_dg records add {"Adult_Content"}

 

 

F5 needs to better document this solution as it seems to not be well known.

 

 

 

 

Also maybe with the SIDEBAND function I can reference also a free URL/FQDN database, using HTTP(S) as the communication protocol, in the iRule and use it in checking the DNS FQDN domains or URLs. Again thanks for the idea.

 

 

https://clouddocs.f5.com/api/irules/SIDEBAND.html

 

https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-C...

0 Kudos
Copyright © 2023 Khoros, LLC