For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Techgeeeg_28888

Icon for Nimbostratus rank

Nimbostratus

Aug 06, 2015

Solved

Blocking Traffic from Single IP with block page on ASM

Hi Everyone, I would like to have the experts input on a point, I have ASM running where I want to block the requests from a particular source IP address and the violation page with id should be...

Vsevolod_Petrov
Aug 06, 2015
The following extensions I hope will make the rule more efficient:

when ASM_REQUEST_DONE { if { [ASM::violation count] > 0 } { if { not([class match[IP::client_addr] == "black-list-data-group"]) } { ASM::unblock } } }

You can check sources against the data group.
Apply ASM::unblock action only if there were violations.

Hope this helps.

And do not forget to enable "Trigger ASM iRule Events" option in your policy.

Icon for Nimbostratus rank

Nimbostratus

Aug 08, 2015

Thanks Petrov.... that really helped....

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5