For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MaxMedov's avatar
MaxMedov
Icon for Cirrostratus rankCirrostratus
Apr 18, 2023

Block specific Client IP if request contains XYZ

Hi, I need help creating the fastest solution (LTM Policy / iRule / other) to do this:
If client IP = X.X.X.X
and request contains = XYZ
Drop the client / or block by WAF message

Thank you!

security

7 Replies

  • Michael_Saleem's avatar
    Michael_Saleem
    Icon for MVP rankMVP
    Apr 18, 2023

     

    For a very quick solution to match on a single source IP and URI, you could use the following:

    when HTTP_REQUEST {
    if { ( ( [IP::addr [IP::client_addr] equals X.X.X.X] ) && ( [string tolower [HTTP::uri]] contains "xyz" ) ) } {
        drop
    }
}

    However, if you need need it to be more scalable, I would probably use a data group to hold multiple client IP addresses and then maybe another data group or switch -glob statement to match on multiple URIs.

    • CA_Valli's avatar
      CA_Valli
      Icon for MVP rankMVP
      Apr 18, 2023

      I'd just advise to avoid using "string tolower" on HTTP uri instruction, since path is case sensitive.