Forum Discussion
NimbostratusAccess Control to URI based on IP with logging
I found a script to block access to a URI based on IP address list and modified it to allow multiple URI. I need to some way add logging so I can see what IP addresses are getting blocked. If anyone has a better script, I'm open to suggestions. I'm very new to iRules so any help is much appreciated.
Here's the script
when HTTP_REQUEST {
if { [class match [HTTP::uri]] equals ibp-uri } then {
if { [class match [IP::client_addr] equals ifbyphone] } then {
Let the request pass...
} else {
HTTP::respond 403 content "Access Denied"
}
} else {
Let the request pass...
}
}
youssef1Cumulonimbus
Hello,
you can just add log command in order to send logs you define in /var/log/ltm. This logs is send to your syslog server if you configure IT. Then you can just enter the following command in order to retrieve all blocked user:
more /var/log/ltm | grep 'Blocked'
or (for gz file)
zcat /var/log/ltm.1.gz | grep 'Blocked'
when HTTP_REQUEST { if { [class match [HTTP::uri]] equals ibp-uri } { if { [class match [IP::client_addr] equals ifbyphone] } { Let the request pass... } else { HTTP::respond 403 content "Access Denied" log local0. "Blocked IP: [IP::client_addr]" } } else { Let the request pass... } }If you want to send this logs directly to your Syslog server you can use HSL (better performance). And you can easly set notification for this use case.
Regards