Forum Discussion
MaxMedov
Apr 18, 2023Cirrostratus
Block specific Client IP if request contains XYZ
Hi, I need help creating the fastest solution (LTM Policy / iRule / other) to do this: If client IP = X.X.X.X and request contains = XYZ Drop the client / or block by WAF message Thank you! ...
Apr 18, 2023
For a very quick solution to match on a single source IP and URI, you could use the following:
when HTTP_REQUEST {
if { ( ( [IP::addr [IP::client_addr] equals X.X.X.X] ) && ( [string tolower [HTTP::uri]] contains "xyz" ) ) } {
drop
}
}
However, if you need need it to be more scalable, I would probably use a data group to hold multiple client IP addresses and then maybe another data group or switch -glob statement to match on multiple URIs.
- CA_ValliApr 18, 2023MVP
I'd just advise to avoid using "string tolower" on HTTP uri instruction, since path is case sensitive.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects