Forum Discussion

Nimbostratus

Jul 18, 2012

IP Intelligence iRule

Hi, I found this iRule for IP intelligence on the link below. However, when put it on F5, it's giving me an error. http://support.f5.com/kb/en-us/...

Nimbostratus

Jul 20, 2012

try this

when HTTP_REQUEST {

   use [HTTP::header values "X-Forwarded-For"] in replacement of [IP::client_addr] if using the x forwarded for testing 
set ip_reputation_categories [IP::reputation [IP::client_addr]]
        set is_reject 0
        if {($ip_reputation_categories contains "Windows Exploits")} {
   set is_reject 1 
} 
        if {($ip_reputation_categories contains "Web Attacks")} {  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Scanners")}{  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Proxy")}{  
set is_reject 1 
} 

    if {($is_reject)} {
        log local0. "Attempted access from malicious IP address 
[IP::client_addr]($ip_reputation_categories), request was rejected"

        HTTP::respond 200 content "


Rejected Request

The request was rejected. 
Attempted access from malicious IP address
"
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)