Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

dyobbs_25515's avatar
dyobbs_25515
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

IP Intelligence iRule

Hi,     I found this iRule for IP intelligence on the link below. However, when put it on F5, it's giving me an error.     http://support.f5.com/kb/en-us/...
application delivery
dev
devops
irules
BT_90520's avatar
BT_90520
Icon for Nimbostratus rankNimbostratus
Jul 20, 2012
try this 
when HTTP_REQUEST {

   use [HTTP::header values "X-Forwarded-For"] in replacement of [IP::client_addr] if using the x forwarded for testing 
set ip_reputation_categories [IP::reputation [IP::client_addr]]
        set is_reject 0
        if {($ip_reputation_categories contains "Windows Exploits")} {
   set is_reject 1 
} 
        if {($ip_reputation_categories contains "Web Attacks")} {  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Scanners")}{  
set is_reject 1 
} 
if {($ip_reputation_categories contains "Proxy")}{  
set is_reject 1 
} 

    if {($is_reject)} {
        log local0. "Attempted access from malicious IP address 
[IP::client_addr]($ip_reputation_categories), request was rejected"

        HTTP::respond 200 content "


Rejected Request

The request was rejected. 
Attempted access from malicious IP address
"
    }
}