Forum Discussion
VRI_341747
Nimbostratus
Apr 05, 2018
Access Control to URI based on IP with logging
I found a script to block access to a URI based on an IP address list and modified it to allow multiple URIs. I need some way to add logging so I can see what IP addresses are getting blocked. If anyone ...
youssef1
Cumulonimbus
Apr 05, 2018
Hello,
You can just add a log command to send the logs you define to /var/log/ltm. These logs are sent to your syslog server if you configure it. Then you can enter the following command to retrieve all blocked users:
more /var/log/ltm | grep 'Blocked'
or (for gz file)
zcat /var/log/ltm.1.gz | grep 'Blocked'
when HTTP_REQUEST {
    # Only requests for a URI listed in the ibp-uri data group are restricted
    if { [class match [HTTP::uri] equals ibp-uri] } {
        if { [class match [IP::client_addr] equals ifbyphone] } {
            # Let the request pass...
        } else {
            HTTP::respond 403 content "Access Denied"
            log local0. "Blocked IP: [IP::client_addr]"
        }
    } else {
        # Let the request pass...
    }
}
If you want to send these logs directly to your syslog server, you can use HSL (better performance). And you can easily set up a notification for this use case.
Regards
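Building on the grep and zcat commands in the answer above, this added example (not part of the original post) tallies blocked requests per client IP across the current and rotated log files. The sample log lines, host name and rule name uri_acl are constructed for illustration.

```shell
# Count "Blocked IP:" entries per client address in one or more log files.
# Plain files are read with cat, rotated .gz files with gzip -dc.
# Output: "<count> <ip>" per line, highest count first.
blocked_summary() {
    for f in "$@"; do
        case "$f" in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done |
    awk -F'Blocked IP: ' '
        # Lines without the marker have a single field and are skipped.
        NF > 1 { split($2, a, /[ \t]/); hits[a[1]]++ }
        END    { for (ip in hits) print hits[ip], ip }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample data: writes a current log and one rotated .gz log
# into the directory given as $1. These lines are not real captures.
make_sample_logs() {
    cat > "$1/ltm" <<'EOF'
Apr  5 10:15:01 bigip1 info tmm[12345]: Rule /Common/uri_acl <HTTP_REQUEST>: Blocked IP: 203.0.113.7
Apr  5 10:15:09 bigip1 info tmm1[12345]: Rule /Common/uri_acl <HTTP_REQUEST>: Blocked IP: 198.51.100.20
Apr  5 10:16:44 bigip1 notice constructed line that does not match
Apr  5 10:17:02 bigip1 info tmm[12345]: Rule /Common/uri_acl <HTTP_REQUEST>: Blocked IP: 203.0.113.7
EOF
    printf '%s\n' \
        'Apr  4 23:58:10 bigip1 info tmm[12345]: Rule /Common/uri_acl <HTTP_REQUEST>: Blocked IP: 203.0.113.7' |
        gzip -c > "$1/ltm.1.gz"
}

# Demonstration on the constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
blocked_summary "$demo_dir/ltm" "$demo_dir/ltm.1.gz"
rm -rf "$demo_dir"
```

On the BIG-IP itself the call would be `blocked_summary /var/log/ltm /var/log/ltm.1.gz`, the two files named in the answer.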