Forum Discussion
Nishal_Rai
Apr 25, 2024Cirrocumulus
Can iRule be used to perform exception of IPI category based on Geolocation
Hi Everyone, Can we configure iRule to perform exception on certain IPI category like "Spam Sources" based on Geolocation. For instance, I want to bypass the mitigation enforced on "Spam Sour...
spalande
Nacreous
My bad. Else condition is rejecting all traffic. Try below and I would suggest try on non-prod VIP first.
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} {
log local0. "IP from spam sources block: [IP::client_addr]"
drop
} else {
#DO NOTHING
}
}
Nishal_Rai
May 09, 2024Cirrocumulus
spalande
Few lines were also added for the debugging purpose in the provided iRule as discussed before.
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} {
log local0. "IP from spam sources block: [IP::client_addr]"
drop
} else {
log local0. "IP from spam sources from Nepal, allow: [IP::client_addr]"
#DO NOTHING
}
}
However after few minutes of attaching the iRule on the virtual server, the application stopped working.
While the following error logs were found on the /var/log/ltm,
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
It seems the iRule is still not valid to check the IPI category variable especially for the
[$ip_reputation_categories contains "Spam Sources"]
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects