For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tyntwitch_13422's avatar
tyntwitch_13422
Icon for Nimbostratus rankNimbostratus
Dec 04, 2013

Block request by IP and send an HTTP response

Just getting into iRules and I want to block a specific IP from being able to access a webpage but return an HTTP response back to the browser. I am attempting to do this, but still not quite getting it right. Can anyone offer a suggestion that would help?

when RULE_INIT { 
  set static::IPBlock "ServerServer Error`-999999 `
                API traffic is currently blocked. Please contact your System Administrator for assistance. BLOCKBLOCK 0
                DISTRIBUTION MESSSAGE "
}
when CLIENT_ACCEPTED {
    if  { [IP::addr [IP::client_addr] equals 172.18.33.226] } {
    set clientIP [IP::client_addr]
    }
when HTTP_REQUEST {
    if {$clientIP eq 172.18.33.226}
    HTTP::respond 200 content "${static::IPBlock}"
        }
    }
application delivery
deployment
devops
iRules

1 Reply

  • uni's avatar
    uni
    Icon for Altocumulus rankAltocumulus
    Dec 04, 2013

    The CLIENT_ACCEPTED event is not required. [IP::client_addr] is available in the HTTP_REQUEST event. There is a bracket missing after the 'if' in the HTTP_REQUEST event. You should use the IP::addr command to compare IP addresses

    when HTTP_REQUEST {
    if {[IP::addr [IP::client_addr] equals 172.18.33.226]} {
        HTTP::respond 200 content "${static::IPBlock}"
    }
}

    Your use of a static variable to hold the response is ok, but I would consider using an iFile, which makes it easier to manage.