Drop or Blacklisting any source IP when request status is illegal or blocked

Question

Hi all,&nbsp;&nbsp;Do I have to drop or put to blacklist all requests by "source" IP addresses when they make 5 attacks requests in 5 minutes?For example:I have 5 attacks with status (Http protocol compliance field and Access from malicious IP address) from one and the same IP address and i want to drop each next request for the next 2 hours or move it to blacklist IP address.

ivan_chernenkii · Answer

Hello,&nbsp;You can do it via "Session Awareness" feature ("Security&nbsp;››&nbsp;Application Security : Session Tracking" page) - you just need to set your criteria and set "Block All" period... or you can put them into blacklist IP addresses, if you want.&nbsp;Thanks, Ivan

Forum Discussion

Drop or Blacklisting any source IP when request status is illegal or blocked

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

With the ASM, can illegal requests be CSV exported?

Global Blacklist or Whitelist

Logging DNS Requests

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Distributed caching of authentication requests with NGINX Ingress Controller

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS