Block Source IP using a blocklist hosted on a webserver

You can create an ifile using the following command :

tmsh create sys file ifile blacklist source-path http://hostname.com/uri

and then update it using the following command :

tmsh modify sys file ifile blacklist source-path http://hostname.com/uri

The filesize for a single iFile was raised to 32Mb in 12.1.0. Prior versions limited the size to 4Mb.

Here a nice article on sideband connection that can help you design a lookup using HTTP API :

Advanced iRules: Sideband Connections

Here a small Proof of Concept.

when HTTP_REQUEST {
    set file [ifile get domains]
    log local0. "$file"
    set domain "amazon.co.uk.security-check.ga"
    if { [string match "*$domain*" $file] } {
        log local0. "succeeded"
        HTTP::respond 200 content "ok"
    } else {
        log local0. "failed"
    }
}

Note : should test performance impact, memory consumption and stuff like that before switching something in production

You can create an ifile using the following command :

tmsh create sys file ifile blacklist source-path http://hostname.com/uri

and then update it using the following command :

tmsh modify sys file ifile blacklist source-path http://hostname.com/uri

The filesize for a single iFile was raised to 32Mb in 12.1.0. Prior versions limited the size to 4Mb.

Here a nice article on sideband connection that can help you design a lookup using HTTP API :

Advanced iRules: Sideband Connections

Here a small Proof of Concept.

when HTTP_REQUEST {
    set file [ifile get domains]
    log local0. "$file"
    set domain "amazon.co.uk.security-check.ga"
    if { [string match "*$domain*" $file] } {
        log local0. "succeeded"
        HTTP::respond 200 content "ok"
    } else {
        log local0. "failed"
    }
}

Note : should test performance impact, memory consumption and stuff like that before switching something in production