Forum Discussion
spalande
Nacreous
Interesting one. Never tried it, but you can give a try using below. Let us know how testing goes. (note - please check the country code again)
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and ([[whereis [IP::client_addr] country] equals "NP"])} {
} else {
drop
}
}
Nishal_Rai
May 01, 2024Cirrocumulus
Hi spalande
Thanks for sharing the iRule, but after few minutes of implementing on the virtual server, the corresponding application stopped working.
Since there were no logs generated on Event Logs > Application, to confirm whether the new requests were being blocked as "Spam Sources" and there no entry related to IPI on "/var/log/ltm" so, it was difficult to address the root cause behind the issue.
(However when the "Block" mode on "Spam Sources" on IPI was configured, the issue was discovered.)
(However when the "Block" mode on "Spam Sources" on IPI was configured, the issue was discovered.)
So just want to confirm, does the request accepted by iRule is not logged by F5 BIG-IP?
or do we need to add something on iRule to at least flag the request as "illegal" (like just "Alarm" mode) for "Spam Sources" of Nepal geolocation, so that we can troubleshoot.