Forum Discussion
VRI_341747
Nimbostratus
NimbostratusAccess Control to URI based on IP with logging
I found a script to block access to a URI based on IP address list and modified it to allow multiple URI. I need to some way add logging so I can see what IP addresses are getting blocked. If anyone ...
youssef1
Cumulonimbus
CumulonimbusHello,
you can just add log command in order to send logs you define in /var/log/ltm. This logs is send to your syslog server if you configure IT. Then you can just enter the following command in order to retrieve all blocked user:
more /var/log/ltm | grep 'Blocked'
or (for gz file)
zcat /var/log/ltm.1.gz | grep 'Blocked'
when HTTP_REQUEST {
if { [class match [HTTP::uri]] equals ibp-uri } {
if { [class match [IP::client_addr] equals ifbyphone] } {
Let the request pass...
} else {
HTTP::respond 403 content "Access Denied"
log local0. "Blocked IP: [IP::client_addr]"
}
} else {
Let the request pass...
}
}
If you want to send this logs directly to your Syslog server you can use HSL (better performance). And you can easly set notification for this use case.
Regards
