
Defining wildcards for hostname to redirect

Hi,

 

I was trying to define wildcards in additional hostnames, something like *.xyz.de, so that when a user enters anything related to this host he will be redirected to the host. I researched and only found old posts about feature requests but no definite answer as to whether it is implemented or will be available in the future.

I have UTM 9.

 



  • Hello Hasan and welcome to the UTM Community!

    Please edit your post above and replace the image with one large enough to read.

    It is not possible to use a wildcard in a network or host definition and it's unlikely that that will ever be possible in the UTM.

    I don't understand what you want to accomplish.  If you can show us an example and say how it is used, then maybe we can find a different solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    If you try to create a "wildcard DNS entry" ... this doesn't work.

    (I tested it by adding *.mydomain.local to an existing host definition, and ccc.mydomain.local can't be resolved.)


    If you try to use a wildcard host within Webserver Protection ... I think it is impossible too.

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • You need to think through your goal.  Here is what is possible and appropriate.

    DNS

    DNS wildcards do not exist because they should not exist. No one says "Connect me to any old server as long as it is somewhere in example.com".

    The user specifies a host name or an IP address to indicate where they want to go. If the host name exists, it is converted to an IP address. If the host name does not exist, the DNS server returns NXDOMAIN (non-existent domain). This is the way DNS works.

    There is a "default" name. You can create a host record under example.com without a host qualifier but with an IP address. This allows the unqualified name "example.com" to act like a host name. It is commonly used to make the "www." part of a URL optional. But this is still very different from a wildcard. If you type "SurpriseMe.example.com", and SurpriseMe does not exist as a DNS record (A, AAAA, or CNAME), you will not get the default entry, you will get NXDOMAIN.

    Web Filtering (outbound)

    You can define a WebSite object and check the box "Apply to subdomains". This will apply the category, reputation, or tag that you define to both the named domain and any first-level subdomains of that name. It is very useful, but it does not apply to levels below the first one. It also has nothing to do with traffic routing; it only applies to whether a site should be allowed or blocked.

    Web Server (inbound)

    WAF supports Server Name Indication (SNI). SNI allows multiple websites to exist on the same IP and port because the receiving website is able to route traffic based on the host name in the URL. WAF actually supports a default website for an IP-port pair, and I think it uses an asterisk as the default indicator - check the help. I have used SNI with WAF but have not used wildcard WAF sites. The default site will also be used for URLs that contain an IP address instead of a name.

    However, WAF still will not act as a catchall for a name that does not exist in DNS. The client has to convert a name to a number in order to send a packet. It cannot send a packet to a destination without an address. The SNI function only works after the packet is received, so WAF can only receive a packet for SurpriseMe.example.com if the DNS contains a name-to-number lookup result for SurpriseMe.example.com.
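The two host-matching behaviours described in the post above (Web Filtering's "Apply to subdomains" covering only first-level subdomains, and WAF/SNI picking a site by exact host name with a default site as the fallback for an IP:port pair) can be modelled in a few lines. This is an added example, not code from the thread or from Sophos UTM; the function names, the site table and the host names are constructed for illustration, and it deliberately does not model DNS resolution, which the post says must still succeed before any packet reaches the WAF.

```python
"""Added example (not from the thread): model the host-matching rules the post
describes.  All names, addresses and the site table are constructed samples."""

from dataclasses import dataclass, field
from typing import Dict, Optional


def website_applies(site: str, host: str, apply_to_subdomains: bool) -> bool:
    """Return True if a Web Filtering WebSite object for `site` covers `host`.

    Without the checkbox only the named domain itself matches.  With it, exactly
    one extra label in front of the site name is allowed, i.e. first-level
    subdomains match but deeper levels (a.b.example.com) do not.
    """
    site = site.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if host == site:
        return True
    if not apply_to_subdomains:
        return False
    if not host.endswith("." + site):
        return False                       # also rejects look-alikes like notexample.com
    prefix = host[: -len(site) - 1]        # labels in front of the site name
    return "." not in prefix               # exactly one label -> first level only


@dataclass
class WafListener:
    """One IP:port pair with its named virtual sites and an optional default site."""
    sites: Dict[str, str] = field(default_factory=dict)   # SNI host name -> backend
    default_backend: Optional[str] = None                  # the "*" (default) site

    def select_backend(self, sni_host: Optional[str]) -> Optional[str]:
        """Pick the backend for a connection from the SNI host the client sent.

        Exact host match first; otherwise the default site, which is also what a
        request by bare IP address (no SNI host) lands on.  None if neither exists.
        """
        if sni_host:
            backend = self.sites.get(sni_host.lower().rstrip("."))
            if backend is not None:
                return backend
        return self.default_backend


# Constructed sample configuration for a single listener on 203.0.113.10:443.
LISTENER = WafListener(
    sites={
        "a.dev.example.com": "10.0.0.11:8080",
        "b.dev.example.com": "10.0.0.12:8080",
    },
    default_backend="10.0.0.20:8080",      # catch-all site for this IP:port
)

if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "a.b.example.com", "notexample.com"):
        print(f"{host:20} covered by example.com (subdomains on): "
              f"{website_applies('example.com', host, True)}")
    for sni in ("a.dev.example.com", "c.dev.example.com", None):
        print(f"SNI {sni!s:20} -> backend {LISTENER.select_backend(sni)}")
```

The point the example makes is the one the post makes: a name that is not in the site table still reaches the listener (and lands on the default site) only if the client could resolve it to this IP first; nothing in the listener creates that name.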

  • What I want to configure is the routing via traefik.
    What traefik does is routing requests to services that need to deal with them.

    For this I need several hostnames. I want to redirect all hostname requests with a certain subdomain to one IP address.
    For example, I want to access a.dev.xyz and b.dev.xyz with one rule if possible, because there are many more services to redirect.
    For now I have added additional hostnames manually and I don't want to do this that way, or is there another solution?


    Edit:

    I have created a DNS Host with a wildcard e.g. (*.dev.xyz.com) and it says it's resolved. Can I further create a NAT rule to route with it?
    For now I have chosen ANY.

    Externally I can connect to traefik and my services.
    But if I want to connect to e.g. *.dev.xyz.com within my network it fails.

     

  • I have looked at traefik superficially, but I think I understand this part of its design.

    The point of a load balancer is to capture traffic for one hostname/IP address and redirect it to an available pool of backend systems based on available capacity or another rule. You do not use wildcards at all.