For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

redheadontherun's avatar
redheadontherun
Icon for Nimbostratus rankNimbostratus
Jul 27, 2016

Block Source IP using a blocklist hosted on a webserver

Currently we utilize a web server to host a blocklist that some of our other security devices use to block IP addresses. It allows us to maintain 1 list for all devices. Can the F5 ASM or LTM utilize...
ASM Advanced WAF
BIG-IP
ifiles
iRules
LTM
security
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
Jul 27, 2016

Hi,

 

this list can be uploaded as an ifile. You can also do a lookup using sideband connections in irules

 

Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
Jul 27, 2016

Here a small Proof of Concept.

when HTTP_REQUEST {
    set file [ifile get domains]
    log local0. "$file"
    set domain "amazon.co.uk.security-check.ga"
    if { [string match "*$domain*" $file] } {
        log local0. "succeeded"
        HTTP::respond 200 content "ok"
    } else {
        log local0. "failed"
    }
}

Note : should test performance impact, memory consumption and stuff like that before switching something in production