Forum Discussion
JamesS_40157
Nimbostratus
Dec 02, 2010Blocking thousands of IP addreses (botnet)
Hi all, We have the following iRule on our F5 Big-IP 3400, which allows us to block IP addresses that are listed in an IP list (such as spiders, scrapers etc): ...
hoolio
Cirrostratus
Dec 02, 2010Hi James,
I don't think ~100k entries in a datagroup will kill a 3400, but it would be good to test it with your highest expected load.
If it's a bot network doing a DDOS, I imagine a lot of IP's wouldn't be known in advance though. What are the bots scanning? Is it a web app? Are there any patterns to the requests? You might be able to use an iRule to check the HTTP requests rather than a static (and potentially outdated) list of bad client IPs.
ASM would be an ideal option for this as it gives a lot of simpler options for detecting and blocking bots.
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects