dyobbs_25515
May 02, 2014

URL Filtering based on DNS Request

Hi, a customer is looking for a solution to address a URL filtering requirement. They have an existing database to block the user from going to these sites. They have F5 on the DNS servers and wanted to explore how the BIG-IP can help them. Questions:

1. Can F5 block URLs based on the DNS request?
2. How about HTTPS?
3. How about when the user uses the IP address equivalent of the URL?
How to do it on iRules? Any help appreciated. thanks!
4 Replies

  • We do something called DNS blackhole. Basically we create a list of known malicious domains that we want to block and when a DNS request arrives for one of those domains, we send back a response to a custom splash page rather than the malicious content. You can read about it here:
    https://devcentral.f5.com/articles/v111-dns-blackhole-with-irules.U2M6-lea8Tg
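An added example iRule sketching the DNS-blackhole approach described in this reply (it is not the linked article's or F5's own code). It assumes the DNS Services or GTM license that the `DNS::` commands require, a string data group named `blocked_domains`, a sinkhole VIP at the placeholder address 10.0.0.50 that serves the splash page, and a 30-second TTL; all of those names and values are assumptions.

```tcl
# Added example, not the linked article's or F5's own code.
# Assumes: BIG-IP with DNS Services/GTM licensed, this iRule attached to a
# DNS listener, a string data group "blocked_domains" (assumed name) listing
# the domains to sinkhole, and a sinkhole VIP at 10.0.0.50 (placeholder)
# that serves the splash page.
when DNS_REQUEST {
    # Only rewrite A queries; AAAA, MX, TXT and the rest pass through untouched
    if { [DNS::question type] ne "A" } {
        return
    }

    # Normalise the queried name: lower-case, no trailing dot
    set qname [string tolower [string trimright [DNS::question name] "."]]

    # Walk up the name one label at a time so that a data group entry of
    # "bad.example" also catches "cdn.bad.example"
    set blocked 0
    set name $qname
    while { $name ne "" } {
        if { [class match $name equals blocked_domains] } {
            set blocked 1
            break
        }
        set dot [string first "." $name]
        if { $dot < 0 } {
            break
        }
        set name [string range $name [expr {$dot + 1}] end]
    }

    if { $blocked } {
        # Log the hit so the SOC can see which client asked for the name
        log local0. "DNS blackhole: [IP::client_addr] queried $qname"
        # Short TTL so removing a name from the list takes effect quickly
        DNS::answer insert "${qname}. 30 IN A 10.0.0.50"
        DNS::return
    }
}
```

An HTTPS client will still be steered to the sinkhole address, but its browser will refuse the splash page's certificate because it does not match the requested host name. A client that types the IP address directly never sends the query at all, so that case has to be filtered at the application VIP instead.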
  • If I may add, you need either GTM or DNS services licensed to be able to control DNS responses. This would affect who could get a response and potentially what DNS resolution response was returned.
    1. Can F5 block URL based on the DNS request?

    It depends entirely on what your database looks like, but if, say, it's based on source IP addresses, then you can absolutely respond to a DNS request differently based on that. You could also filter this traffic at the application VIP itself, given a source address filter or potentially some other value that uniquely identifies a user.
    2. How about HTTPS?

    DNS wouldn't care about the protocol of the resolved host. It would only care about the host name and corresponding IP address. Doing the same at the application VIP would also be possible, especially if filtering on source IP address.
    3. How about when user uses the IP address equivalent of the URL?

    If the user is using an IP address to get to the VIP, then a DNS-based solution wouldn't help you. Again, if you're filtering on user source IP address, then this can be reasonably accomplished at the application VIP.
  • I think your question is not really URL filtering based on DNS request... but just URL filtering :) There are vendors out there specialized in this, I think Blue Coat is one such vendor... Basically, you need to deny all access to the Internet and force everyone to use your proxy servers, which would then decide whether to service any given request or not, based on various criteria.... Squid proxy server is an open source option too.
    F5 LTM could be used to act as a proxy server, using an iRule, search for "iRule" "proxy" or such keywords...