Forum Discussion
JamesS_40157
Nimbostratus
Dec 02, 2010
Blocking thousands of IP addresses (botnet)
Hi all, We have the following iRule on our F5 Big-IP 3400, which allows us to block IP addresses that are listed in an IP list (such as spiders, scrapers etc): ...
hoolio
Cirrostratus
Dec 03, 2010
Hi James,
If the performance for loading the blacklisted IPs is too low, you could consider another option that someone recently tried:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1174760/aff/5/showtab/groupforums/Default.aspx
Basically, you could set up a web app which accepts an HTTP request with the client IP set in the query string. The server would respond with an HTTP header indicating whether the client IP was blacklisted or not. Depending on that response you could allow the request through to the pool or drop the request. You'd use an iRule with HTTP::retry to send the sideband request to the blacklist server. See the linked post and the article from Deb in that post for details.
Aaron
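An added example, not part of the post above or of the linked article: a minimal Python version of the blacklist lookup service the reply describes, which takes the client IP in the query string and answers with a response header. The `ip` parameter, the `X-Blacklisted` header and its `yes`/`no`/`error` values, and the listening address are assumptions; the sample list is constructed from documentation address ranges.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed sample list; a real deployment would load this from a file.
SAMPLE_LIST = "# scrapers\n192.0.2.15\n198.51.100.0/24\n2001:db8::/32\n"

def load_blacklist(text):
    """Parse one address or CIDR per line; '#' starts a comment."""
    hosts, nets = set(), []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses == 1:
            hosts.add(net.network_address)  # O(1) lookup for single hosts
        else:
            nets.append(net)
    return hosts, nets

def is_blacklisted(ip_text, hosts, nets):
    """Return True/False, or None when ip_text is not a valid address."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    return ip in hosts or any(ip in n for n in nets)

def verdict_headers(path, hosts, nets):
    """Map a path such as /check?ip=192.0.2.15 to (status, header value)."""
    ip_values = parse_qs(urlparse(path).query).get("ip", [])
    # Exactly one ip parameter is required; anything else is an error.
    result = is_blacklisted(ip_values[0], hosts, nets) if len(ip_values) == 1 else None
    if result is None:
        return 400, "error"
    return 200, "yes" if result else "no"

class Handler(BaseHTTPRequestHandler):
    blacklist = load_blacklist(SAMPLE_LIST)

    def do_GET(self):
        status, value = verdict_headers(self.path, *self.blacklist)
        self.send_response(status)
        self.send_header("X-Blacklisted", value)  # assumed header name
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Returning a distinct `error` value for a missing, repeated or malformed `ip` parameter leaves the fail-open or fail-closed decision to the iRule that makes the sideband request.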