Forum Discussion
Block Source IP using a blocklist hosted on a webserver
Currently we utilize a web server to host a blocklist that some of our other security devices use to block IP addresses. It allows us to maintain 1 list for all devices. Can the F5 ASM or LTM utilize such a list...maybe through an iRule or iFile?
Hi,
This list can be uploaded as an iFile. You can also do a lookup using sideband connections in iRules.
You can create an iFile using the following command:
tmsh create sys file ifile blacklist source-path http://hostname.com/uri
and then update it using the following command:
tmsh modify sys file ifile blacklist source-path http://hostname.com/uri
The file size limit for a single iFile was raised to 32 MB in 12.1.0. Prior versions limited the size to 4 MB.
Here is a nice article on sideband connections that can help you design a lookup using an HTTP API:
Advanced iRules: Sideband Connections
Here is a small proof of concept.
    when HTTP_REQUEST {
        # read the whole iFile named "domains" into a variable
        set file [ifile get domains]
        log local0. "$file"
        set domain "amazon.co.uk.security-check.ga"
        # substring match: is the domain anywhere in the file contents?
        if { [string match "*$domain*" $file] } {
            log local0. "succeeded"
            HTTP::respond 200 content "ok"
        } else {
            log local0. "failed"
        }
    }
Note: you should test performance impact, memory consumption and so on before switching something like this into production.
- Yann_Desmarest_Nacreous
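The proof of concept above matches a string anywhere in the file, so an entry like 10.0.0.1 would also match a client at 10.0.0.10. The following iRule, added here as an illustration and not code from the original post, applies the same iFile approach to the question actually asked (blocking source IPs): it splits the iFile into lines, ignores blanks and comment lines, and compares the client address against each entry with IP::addr, so that exact addresses and CIDR ranges both work. It assumes the iFile was created as "blacklist" with the tmsh command shown in the answer and that the list holds one IPv4 address or CIDR block per line; the log message text is also an assumption.

```tcl
# Added example, not from the original post.
# Assumes: tmsh create sys file ifile blacklist source-path http://hostname.com/uri
# and a list with one address or CIDR block per line, '#' starting a comment line.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]
    set blocked 0
    set hit ""
    # ifile get returns the whole file; parse it line by line
    foreach line [split [ifile get blacklist] "\n"] {
        set entry [string trim $line]
        # skip empty lines and comments
        if { $entry eq "" || [string index $entry 0] eq "#" } { continue }
        # IP::addr handles both single addresses and CIDR notation, e.g. 192.0.2.0/24
        if { [IP::addr $client equals $entry] } {
            set blocked 1
            set hit $entry
            break
        }
    }
    if { $blocked } {
        log local0. "Blocked $client (matched blocklist entry $hit)"
        reject
    }
}
```

Because the iFile is read and parsed on every new connection, this scales with the list size; as the answer notes, measure the impact before using it in production, and reload the list with the tmsh modify command whenever the hosted file changes.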