Block requests by reverse DNS record
Problem this snippet solves:
This iRule performs a reverse DNS lookup on the client IP address and blocks any client whose PTR record does not end in a specific top-level domain (".mil" in this example). The blocked request is answered with an HTTP 403 response here; you could instead drop the connection with a TCP reset using reject.
Note that due to a bug (BZ 340659) in RESOLV::lookup's handling of PTR records, this iRule uses the older NAME::lookup command. See the RESOLV::lookup wiki page for details on the issue.
Code:
when CLIENT_ACCEPTED {
    # Trigger a name lookup for new connections
    set do_lookup 1
    log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]"
}
when HTTP_REQUEST {
    # Check if we haven't done a lookup already on this connection
    if { $do_lookup } {
        log local0. "[IP::client_addr]:[TCP::client_port]: Collecting HTTP for new lookup"
        # Hold HTTP data until client IP address is resolved
        HTTP::collect
        # Start a name resolution on the client IP address
        NAME::lookup -ptr [IP::client_addr]
    }
}
when NAME_RESOLVED {
    # FQDN of client IP address, lowercased so the suffix test is case-insensitive
    set ptr [string tolower [NAME::response]]
    log local0. "[IP::client_addr]:[TCP::client_port]: Lookup result: $ptr"
    # Check if ptr record ends with .mil
    if { $ptr ends_with ".mil" } {
        # Release HTTP data for .mil addresses and track that we've done a lookup for this connection
        log local0. "[IP::client_addr]:[TCP::client_port]: Valid ptr, releasing HTTP"
        set do_lookup 0
        HTTP::release
    } else {
        # PTR record does not end with ".mil" (an empty response for an address with
        # no PTR record lands here too): reject the connection
        log local0. "[IP::client_addr]:[TCP::client_port]: Invalid PTR, blocking HTTP request."
        HTTP::respond 403 content "Invalid PTR!\r\n"
        TCP::close
    }
}
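One caveat worth keeping in mind with this approach: a PTR record is published by whoever controls the reverse zone for the client's address range, so a PTR that happens to end in ".mil" is a claim by the address owner, not proof of anything. The usual hardening is forward-confirmed reverse DNS: resolve the PTR name forward and require that it return the client IP. The following Python module is an added example (it is not part of the iRule above or of F5's code) that reproduces the iRule's decision and adds that forward confirmation. The lookups are injected as callables so it runs offline against a constructed, in-memory table; the names and addresses in that table are made up (documentation address ranges), and the live_* helpers use the system resolver if you want to run it for real.

```python
"""Reverse-DNS allowlist check with forward confirmation.

Added example; it is not part of the original iRule. It reproduces the
iRule's decision (PTR of the client IP, lowercased, must end in ".mil") and
adds the check the iRule does not make: the PTR name must resolve forward to
the client IP (forward-confirmed reverse DNS). Lookups are passed in as
callables so the module runs offline against the constructed table below;
pass live_ptr_lookup / live_forward_lookup for real resolution.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional, Tuple

# The iRule checks a single suffix; kept as a tuple so more can be added.
ALLOWED_SUFFIXES = (".mil",)

# Constructed, in-memory "zone" for the offline demonstration. None of these
# names or addresses are real records (RFC 5737 documentation ranges).
_FAKE_PTR = {
    "203.0.113.10": "gw1.example.mil",    # PTR and forward agree: allowed
    "203.0.113.20": "mail.example.com",   # wrong TLD: blocked
    "203.0.113.30": "Spoofed.Army.MIL.",  # PTR claims .mil, forward disagrees: blocked
    # "203.0.113.40" has no PTR at all: blocked (the empty NAME::response case)
}
_FAKE_A = {
    "gw1.example.mil": ["203.0.113.10"],
    "mail.example.com": ["203.0.113.20"],
    "spoofed.army.mil": ["198.51.100.5"],  # does not point back at 203.0.113.30
}


def fake_ptr_lookup(ip: str) -> Optional[str]:
    return _FAKE_PTR.get(ip)


def fake_forward_lookup(name: str) -> Iterable[str]:
    return _FAKE_A.get(name, [])


def live_ptr_lookup(ip: str) -> Optional[str]:
    """PTR via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward_lookup(name: str) -> Iterable[str]:
    """All A/AAAA addresses for name via the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


def normalize_name(name: str) -> str:
    """Lowercase (as the iRule's string tolower does) and drop a trailing dot."""
    return name.rstrip(".").lower()


def ptr_allowed(
    client_ip: str,
    ptr_lookup: Callable[[str], Optional[str]] = fake_ptr_lookup,
    forward_lookup: Callable[[str], Iterable[str]] = fake_forward_lookup,
    suffixes: Tuple[str, ...] = ALLOWED_SUFFIXES,
    require_fcrdns: bool = True,
) -> Tuple[bool, str]:
    """Decide whether client_ip may proceed; returns (allowed, reason).

    With require_fcrdns=False this is exactly the iRule's test and will
    accept any IP whose owner publishes a ".mil" PTR for it.
    """
    ip = ipaddress.ip_address(client_ip)  # ValueError on malformed input
    raw = ptr_lookup(str(ip))
    if not raw:
        return False, "no PTR record"
    ptr = normalize_name(raw)
    if not any(ptr.endswith(s) for s in suffixes):
        return False, "PTR %r is not under %s" % (ptr, ", ".join(suffixes))
    if require_fcrdns:
        forward = set()
        for addr in forward_lookup(ptr):
            try:
                forward.add(ipaddress.ip_address(addr))
            except ValueError:
                continue  # ignore garbage answers rather than crash
        if ip not in forward:
            return False, "PTR %r does not resolve back to %s" % (ptr, ip)
    return True, "PTR %r confirmed" % ptr


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40"):
        allowed, reason = ptr_allowed(ip)
        print("%-14s %s (%s)" % (ip, "release" if allowed else "403", reason))
```

Running the module shows the difference the forward check makes: 203.0.113.30 carries a ".mil" PTR and would pass the iRule's suffix test alone, but is blocked once the forward lookup fails to return the client address. In an iRule the same confirmation would mean a second NAME::lookup on the PTR result and comparing its answer against [IP::client_addr] before HTTP::release.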
Published Mar 16, 2015
Version 1.0