For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ashwin_Venkat's avatar
Ashwin_Venkat
Icon for Employee rankEmployee
Dec 21, 2017

Hello Lindsay,

 

You can use an iRule or also an LTM policy in order to filter for traffic based on geolocation and reject them. An iRule gives you the opportunity to drop the traffic, so the malicious/suspicious user won't know whether or not their request made it to the end destination. For example, if you want to reject/drop suspicious traffic from Iran, you can use an iRule like this:

 

when CLIENT_ACCEPTED {
    if {[whereis [IP::client_addr] country] == "IR"} { 
        drop
    }
}

For more info on the "whereis" command: https://devcentral.f5.com/wiki/iRules.whereis.ashx

 

The country code you specify for the whereis command within the iRule or the LTM policy is based on ISO-3166-2: https://en.wikipedia.org/wiki/ISO_3166-2