Forum Discussion
CirrusAbout shun list for L7 DDoS?
Hello everyone,
I'm having some problems setting up my L7 DDoS settings.
I can successfully run the L7 DDoS defense against source IP in the settings.
According to the article linked below, when detected by F5 L7 DDoS, it will be added to a shun list first.
I can currently find out about which IPs are being blocked also in the following screen...
Is there any way to find out which IPs are currently on the shun list by L7 DDoS ?
If I find that a Source IP is currently being blocked by L7 DDoS, is there any way to unblock it?
Any help is appreciate.
Thanks.
2 Replies
- LiefZimmerman
Admin
SanYang - looks like this never got any attention. Were you ever able to figure anything out?
- LiefZimmerman
Using AI Assisted search on MyF5 I found this.
Does this help?Generated answer - Beta
To figure out which IP addresses are added to the shun list by L7 DDoS, you can create an IP intelligence policy that blocks traffic from IP addresses in a specific blacklist category. This policy will cause traffic from those IP addresses to be dropped temporarily. By associating this IP intelligence policy with a virtual server, you can effectively identify and block the IP addresses added to the shun list by L7 DDoS.
References:
https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/using-shun-with-layer-7-dos.html
