For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Aug 06, 2015
Solved

Blocking Traffic from Single IP with block page on ASM

Hi Everyone,   I would like to have the experts input on a point, I have ASM running where I want to block the requests from a particular source IP address and the violation page with id should be...
unblock
  • Vsevolod_Petrov's avatar
    Vsevolod_Petrov
    Aug 06, 2015

    The following extensions I hope will make the rule more efficient:

    when ASM_REQUEST_DONE {
  if { [ASM::violation count] > 0 } {
    if { not([class match[IP::client_addr] == "black-list-data-group"]) } {
      ASM::unblock
    }
  }
}
    1. You can check sources against the data group.
    2. Apply ASM::unblock action only if there were violations.

    Hope this helps.

    And do not forget to enable "Trigger ASM iRule Events" option in your policy.

Techgeeeg's avatar
Techgeeeg
Icon for Nimbostratus rankNimbostratus
Aug 08, 2015

Hi Petrov,

 

I would like to know one more point is it possible via iRule that we assign the IP to the data_group dynamically based on the counter of violation and block them for selected time period after that they are removed from data_group.

 

Regards,