Forum Discussion

dyobbs_25515's avatar
dyobbs_25515
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

IP Intelligence iRule

Hi,     I found this iRule for IP intelligence on the link below. However, when put it on F5, it's giving me an error.     http://support.f5.com/kb/en-us/...
application delivery
dev
devops
iRules
BT_90520's avatar
BT_90520
Icon for Nimbostratus rankNimbostratus
Jul 20, 2012
try this 
when HTTP_REQUEST {

   use [HTTP::header values "X-Forwarded-For"] in replacement of [IP::client_addr] if using the x forwarded for testing 
set ip_reputation_categories [IP::reputation [IP::client_addr]]
        set is_reject 0
        if {($ip_reputation_categories contains "Windows Exploits")} {
   set is_reject 1 
} 
        if {($ip_reputation_categories contains "Web Attacks")} {  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Scanners")}{  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Proxy")}{  
set is_reject 1 
} 

    if {($is_reject)} {
        log local0. "Attempted access from malicious IP address 
[IP::client_addr]($ip_reputation_categories), request was rejected"

        HTTP::respond 200 content "


Rejected Request

The request was rejected. 
Attempted access from malicious IP address
"
    }
}