Forum Discussion

Nimbostratus

Jul 27, 2016

Block Source IP using a blocklist hosted on a webserver

Currently we utilize a web server to host a blocklist that some of our other security devices use to block IP addresses. It allows us to maintain 1 list for all devices. Can the F5 ASM or LTM utilize...

Cirrus

Hi,

this list can be uploaded as an ifile. You can also do a lookup using sideband connections in irules

Yann_Desmarest

Cirrus

Jul 27, 2016

Here a small Proof of Concept.

when HTTP_REQUEST {
    set file [ifile get domains]
    log local0. "$file"
    set domain "amazon.co.uk.security-check.ga"
    if { [string match "*$domain*" $file] } {
        log local0. "succeeded"
        HTTP::respond 200 content "ok"
    } else {
        log local0. "failed"
    }
}

Note : should test performance impact, memory consumption and stuff like that before switching something in production

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Block Source IP using a blocklist hosted on a webserver

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

LTM Monitoring IIS and Webserver Binding

F5 XC vk8s workload with Open Source Nginx

SIKE, DuckDuckGo's Blocklist and F5's QSN - F5 SIRT This Week in Security - July 31st-Aug 6th 2022

Solving for true-source IP with global load balancers in Google Cloud

Go in Plain English: Creating your First WebServer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS