ProxySG Content Policy Language Guide
restrict rdns
This definition restricts reverse DNS lookups and is useful in installations where access to reverse
DNS resolution is limited or problematic. The definition has no name. It is global to policy evaluation
and is not directly referenced by any rules.
If the requested URL specifies the host in IP form and that address falls within a restricted subnet, no reverse DNS lookup is performed to match any category=, url=, url.domain=, or url.host= condition. If such a lookup would be required to evaluate the trigger, the trigger evaluates to false instead of triggering a lookup.
The special token all matches all subnets, and therefore can be used to restrict all policy-based reverse DNS lookups.
A restrict rdns definition may appear multiple times in policy. The compiler attempts to coalesce these definitions, and may emit various errors or warnings while coalescing if the definitions are contradictory or redundant.
Syntax
restrict rdns
restricted_subnet_list
except
exempted_subnet_list
end
where
• restricted_subnet_list—Subnets for which reverse DNS lookup is restricted.
• exempted_subnet_list—Subnets exempt from the reverse DNS restriction. Policy is able to use reverse DNS lookups when evaluating policy related to these subnets.
Layer and Transaction Notes
Applies to all layers and transactions.
Example
The following definition restricts reverse DNS resolution for all but the 10.10.100.0/24 subnet:
restrict rdns
all
except
10.10.100.0/24
end
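The following is an added example, not taken from the guide, showing how the definition interacts with a layer whose rules match on url.domain=. The subnets, host names and the <Proxy> layer are assumptions chosen for illustration; the comments describe the outcome for a request whose URL names the host by IP address, following the evaluation rules stated above.

```cpl
; Added example (not from the ProxySG guide). The subnets, host names and
; rules below are assumptions chosen to illustrate restrict rdns.

; Restrict policy-driven reverse DNS for two server ranges, but keep it
; available for the internal 10.10.100.0/24 range.
restrict rdns
    192.0.2.0/24
    198.51.100.0/24
except
    10.10.100.0/24
end

<Proxy>
    ; Host given by name in the URL: no reverse lookup is needed, so the
    ; condition is matched against the name as usual.
    url.domain=intranet.example.com ALLOW

    ; Request for http://10.10.100.5/ : the address is exempt, so the proxy
    ; may perform a reverse lookup to evaluate url.domain= for it.
    url.domain=internal.example.com ALLOW

    ; Request for http://192.0.2.7/ : the address is restricted, no lookup is
    ; performed, and url.domain= evaluates to false. This rule therefore does
    ; not match and evaluation falls through to the DENY below.
    url.domain=partner.example.com ALLOW

    DENY
</Proxy>
```

Because a restricted trigger evaluates to false rather than being skipped, a rule written as url.domain=... DENY silently stops matching IP-form requests into a restricted subnet. Keep a default DENY at the end of the layer, or express denials for those ranges with address-based conditions, so that restricting reverse DNS does not turn a name-based deny into an allow.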
See Also
• Conditions: category=, url=, server_url=
• Definitions: restrict dns