For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Denis_Jo's avatar
Denis_Jo
Icon for Nimbostratus rankNimbostratus
Aug 04, 2020

Drop or Blacklisting any source IP when request status is illegal or blocked

Hi all,

 

 

Do I have to drop or put to blacklist all requests by "source" IP addresses when they make 5 attacks requests in 5 minutes?

For example:

I have 5 attacks with status (Http protocol compliance field and Access from malicious IP address) from one and the same IP address and i want to drop each next request for the next 2 hours or move it to blacklist IP address.

BIG-IP
devops
F5 Rules for AWS WAF

1 Reply

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Aug 06, 2020

    Hello,

     

    You can do it via "Session Awareness" feature ("Security ›› Application Security : Session Tracking" page) - you just need to set your criteria and set "Block All" period... or you can put them into blacklist IP addresses, if you want.

     

    Thanks, Ivan