Forum Discussion
Help tweaking my iRule
- Jul 19, 2022
The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen. I would use the framework set in the support article and do something like this:
when SERVER_CONNECTED { set ipaddr [IP::remote_addr] set fromCountry [whereis $ipaddr country] if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } { log local0. "Attacker IP [IP::client_addr]" ;# This can be removed/commented out if not required drop } }
You are running into a formatting issue with your datagroup. The datagroup String should be RU and no value necessary. This is a good reference: https://support.f5.com/csp/article/K43383890.
- jlb4350Jul 19, 2022Cirrus
Interesting. So I should just put RU in the string field and nothing in the value field, and that will be my string record, like this:
How about the iRule, does that part look alright?Thank you for your reply and help!
- David_LarsenJul 19, 2022Employee
The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen. I would use the framework set in the support article and do something like this:
when SERVER_CONNECTED { set ipaddr [IP::remote_addr] set fromCountry [whereis $ipaddr country] if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } { log local0. "Attacker IP [IP::client_addr]" ;# This can be removed/commented out if not required drop } }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com