Nishal_Rai
Apr 25, 2024Cirrocumulus
Can iRule be used to perform exception of IPI category based on Geolocation
Hi Everyone,
Can we configure iRule to perform exception on certain IPI category like "Spam Sources" based on Geolocation.
For instance, I want to bypass the mitigation enforced on "Spam Sources" IP intelligence category for "Nepal" -Geolocation specific because of the large false positives on this category.
I found the iRules to enforce the mitigation based on the defined IPI category:
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
set is_reject 0
if {($ip_reputation_categories contains "Windows Exploits")} {
set is_reject 1
}
if {($ip_reputation_categories contains "Web Attacks")} {
set is_reject 1
}
if {($is_reject)} {
log local0. "Attempted access from malicious IP address [IP::client_addr]
($ip_reputation_categories), request was rejected"
HTTP::respond 200 content
"<HTML><HEAD><TITLE>Rejected Request</TITLE>
</HEAD><BODY>The request was rejected. <BR>
Attempted access from malicious IP address</BODY></HTML>"
}
}