Techgeeeg_28888
Aug 06, 2015
Solved

Blocking Traffic from Single IP with block page on ASM

Hi Everyone, I would like to have the experts' input on a point. I have ASM running where I want to block the requests from a particular source IP address and the violation page with id should be...
  • Vsevolod_Petrov
    Aug 06, 2015

    The following extensions I hope will make the rule more efficient:

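    when ASM_REQUEST_DONE {
      # Act only on requests where ASM recorded at least one violation
      if { [ASM::violation count] > 0 } {
        # Let the request through unless the client IP is in the data group
        if { not [class match [IP::client_addr] equals black-list-data-group] } {
          ASM::unblock
        }
      }
    }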
    
    1. You can check sources against the data group.
    2. Apply ASM::unblock action only if there were violations.

    Hope this helps.

    And do not forget to enable "Trigger ASM iRule Events" option in your policy.