Forum Discussion

krelm_52303's avatar
krelm_52303
Icon for Nimbostratus rankNimbostratus
Jun 27, 2014

Forward HTTP Proxy iRule - Multi DNS and adding URI Whitelist

Am using v3.2 iRule and works great for me. Two things I'd like to do... 1. I need to add a second DNS server (round robin is fine, though would prefer priority group failover).

 

2. Use case is for access to 2 or 3 Domains only. Am I best setting up a 2nd iRule just for this (with simple HTTP Request URI verification, referencing a data class group)? Or can I add this in easily to existing v3.2 irule somewhere?

 

Any help appreciated.

 

2 Replies

    1. I need to add a second DNS server (round robin is fine, though would prefer priority group failover).

    the RESOLV::lookup command makes provisions for either a single DNS server IP or a virtual server name. So in this case, I'd create a port 53 internal VIP that load balances your DNS servers, and then specify that VIP name static::dns.

     

    1. Use case is for access to 2 or 3 Domains only. Am I best setting up a 2nd iRule just for this (with simple HTTP Request URI verification, referencing a data class group)? Or can I add this in easily to existing v3.2 irule somewhere?

    What do you want to do if the domain does not match? You could perhaps very simply add an if { [HTTP::host] equals... clause at the top of the HTTP_REQUEST.

     

  • Hi, I have updated this great iRule "HTTP Forward Proxy - v3.2" and managed to allow only specified internet hosts. But I am not sure how to efficiently allow also all related subsites/subpages (where can be stored images etc.) I was thinking about usage of some local variable, but I need something what is reachable outside of HTTP_REQUEST event, so I was thinking about cookie, but it also might be bad idea.

     

    Has anyone any idea how to automatically whitelist all subsites when primary site is already whitelisted?

     

    Thanks, Zdenek