BIG IP 13.X How to prevent an answer on port scanning

Question

Hi,&nbsp;Actually, I have one 2 VS. One listening on port 80 with an LTM policy to redirect the traffic on the second VS listening on port 443. I'm looking for a solution to prevent the F5 to answer on port 80 to tcp connexion coming from a scan tool.&nbsp;Thanks

spalande · Answer

You can attach iRule to HTTP VIP to reject the traffic coming from the scanning tool. Using data-groupwhen CLIENT_ACCEPTED {
 if { [class match [IP::client_addr] equals scanner_ip] } {
     reject
       } else {
	 return  
	   }
    }Using IP-address within the iRulewhen CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals &lt;scannerip&gt; ] } {
     reject
       } else {
	 return  
	   }
    }

joyride_us · Answer

You can redirect the request from port 80 to port 443.( HTTP::redirect ...)

egrebeld · Answer

This way do not prevent the F5 to answer on port scanning&nbsp;

egrebeld · Answer

In this case, how the F5 knows that this a legitimate request and not a port scan ?

spalande · Answer

well, you need to explicitly add IP addresses of scanning tool in the data group "scannerip" or define in the iRule itself.

Forum Discussion

BIG IP 13.X How to prevent an answer on port scanning

6 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

Related Content

Introducing F5 Distributed Cloud Web App Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS