Blocking thousands of IP addreses (botnet)

Many thanks for the quick reply hoolio!

 

 

We are not being ddos'ed, but rather being scraped for data with requests that are coming from hundreds of different IP addresses, and many different spoofed user agent headers. There are patterns to the requests but at the same time these can look like normal user generated requests too - therefore we'd have to be very very careful in how we code any irule that looks at patterns.

 

 

It's quite interesting looking into this - but unfortunately quite time critical as well, so we wouldn't be able to look into the asm option (at least for this particular attack that is happening at the moment). I will look at writing something to check IPs against this botnet database - we already have something similar in place for tor nodes that we download every day.