If I may add, you need either GTM or DNS services licensed to be able to control DNS responses. This would affect who could get a response and potentially what DNS resolution response was returned.
- Can F5 block URL based on the DNS request?
It depends entirely on what your database looks like, but if, say, it's based on source IP addresses, then you can absolutely respond to a DNS request differently based on that. You could also filter this traffic at the application VIP itself, given a source address filter or potentially some other value that uniquely identifies a user.
- How about HTTPS?
DNS wouldn't care about the protocol of the resolved host. It would only care about the host name and corresponding IP address. Doing the same at the application VIP would also be possible, especially if filtering on source IP address.
- How about when user uses the IP address equivalent of the URL?
If the user is using an IP address to get to the VIP, then a DNS-based solution wouldn't help you. Again, if you're filtering on user source IP address, then this can be reasonably accomplished at the application VIP.
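
The two filtering points described in the answer above, sketched as iRules. This is an added example, not code from the original post. The data group names `restricted_clients_dg` and `blocked_hosts_dg` are hypothetical, and the DNS iRule assumes the listener has a DNS profile (GTM or DNS services licensed).

```tcl
# Hypothetical data groups (create them before attaching the iRules):
#   restricted_clients_dg  type address - source IPs/subnets to filter
#   blocked_hosts_dg       type string  - lower-case host names to withhold

# iRule 1: attach to the DNS listener.
# IP::client_addr is whoever sent the query. Unless clients query the
# BIG-IP directly, that is their recursive resolver, not the end user.
when DNS_REQUEST {
    set qname [string tolower [DNS::question name]]
    if { [class match [IP::client_addr] equals restricted_clients_dg] &&
         [class match $qname equals blocked_hosts_dg] } {
        log local0. "DNS filter: [IP::client_addr] asked for $qname"
        # Answer "no such name" instead of resolving to the VIP address.
        DNS::header rcode NXDOMAIN
        DNS::return
    }
}

# iRule 2: attach to the application VIP.
# CLIENT_ACCEPTED fires at the TCP layer, so the check applies to HTTP and
# HTTPS alike (no TLS termination needed) and also to clients that skipped
# DNS and connected to the VIP's IP address directly.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals restricted_clients_dg] } {
        log local0. "VIP filter: rejected [IP::client_addr]"
        reject
    }
}
```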