Forum Discussion
Nishal_Rai
Cirrocumulus
CirrocumulusCan iRule be used to perform exception of IPI category based on Geolocation
Hi Everyone, Can we configure iRule to perform exception on certain IPI category like "Spam Sources" based on Geolocation. For instance, I want to bypass the mitigation enforced on "Spam Sour...
spalande
Nacreous
NacreousMy bad. Else condition is rejecting all traffic. Try below and I would suggest try on non-prod VIP first.
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} {
log local0. "IP from spam sources block: [IP::client_addr]"
drop
} else {
#DO NOTHING
}
}
Nishal_RaiCirrocumulus
Cirrocumulusspalande
Few lines were also added for the debugging purpose in the provided iRule as discussed before.
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} {
log local0. "IP from spam sources block: [IP::client_addr]"
drop
} else {
log local0. "IP from spam sources from Nepal, allow: [IP::client_addr]"
#DO NOTHING
}
}
However after few minutes of attaching the iRule on the virtual server, the application stopped working.
While the following error logs were found on the /var/log/ltm,
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
It seems the iRule is still not valid to check the IPI category variable especially for the
[$ip_reputation_categories contains "Spam Sources"]
