Forum Discussion

Altocumulus

Jul 09, 2025

How to Block Source IP for 24 Hours After TPS Violation (F5 DoS / iRule / SSL Proxy Setup)

Hi everyone, We are currently working on a traffic management requirement and would appreciate your input. Requirement: We want to implement a mechanism that blocks a source IP for 24 hours once i...

application delivery

security

VGF5

Cumulonimbus

Jul 09, 2025

Hi heenakhanam0708

The HTTP_REQUEST event only triggers on HTTP traffic after SSL decryption and with an HTTP profile assigned. If you want to block at the TCP or IP level (before HTTP parsing), you can use the CLIENT_ACCEPTED event instead, which works on all TCP connections.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to Block Source IP for 24 Hours After TPS Violation (F5 DoS / iRule / SSL Proxy Setup)

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 BIG IP laboratory license

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Less than 60 seconds lab setup

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Phishing, Malware, Breach and Open-Source Security

Separating False Positives from Legitimate Violations

How to Setup Shape Log Analysis in Fastly

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS