Forum Discussion
IP Reputation and iRule
Hi,
Was wondering if I could get some advice on the following iRule that I plan to use to check incoming connections to public facing Virtual Servers. I have confirmed that the F5 in question is getting regular updates from BrightCloud so I want to utilise this local database to check connections coming in to the F5 Virtual Servers.
The code attached was lifted and adjusted a little from an existing F5 article:
when HTTP_REQUEST {
    # Look up the BrightCloud reputation categories for the connecting client
    set ip_reputation_categories [IP::reputation [IP::client_addr]]
    set is_reject 0
    if { $ip_reputation_categories contains "Windows Exploits" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Web Attacks" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Botnets" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Scanners" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Denial of Service" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Infected Sources" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Phishing" } { set is_reject 1 }
    if { $ip_reputation_categories contains "Proxy" } { set is_reject 1 }
    if { $is_reject } {
        # log and HTTP::respond must be separate statements (separate lines or ';')
        log local0. "Attempted access from malicious IP address [IP::client_addr] ($ip_reputation_categories), request was rejected"
        HTTP::respond 200 content "Rejected Request. The request was rejected. Attempted access from malicious IP address"
    }
}
Also just wondering what sort of load this would likely put on the F5 (Viprion 2400) and if there would be any significant performance decrease from doing this.
Cheers
It's your call, but I wouldn't bother with a pretty response because frankly they're not worth the effort or the CPU. My version of this is below.
when CLIENT_ACCEPTED {
    if { [IP::reputation [IP::client_addr]] ne "" } { reject }
}
- Kevin_Davies_40Nacreous
Add a log statement if you want to see what's being rejected and why, but otherwise that's what I would use. Just be mindful that even a log statement can open you up to denial of service: what happens if they send you 100,000 requests in a minute? How would your BIG-IP cope with 100,000 log entries?
- Geoff_Gudgeon_3Nimbostratus
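A variant of the CLIENT_ACCEPTED rule above that keeps a log line but rate-limits it per source address with the iRules table command, so one flooding source cannot flood the LTM log. This is an added illustration, not code from the thread; the subtable name, key prefix and 60-second window are assumptions chosen for the example.

```tcl
when CLIENT_ACCEPTED {
    # Look up BrightCloud categories for the client; an empty string means no match
    set categories [IP::reputation [IP::client_addr]]
    if { $categories eq "" } { return }

    # Log at most once per source IP per 60 seconds. The subtable "iprep",
    # the key prefix and the 60 s timeout are assumptions for this example.
    set key "seen:[IP::client_addr]"
    if { [table lookup -subtable iprep $key] eq "" } {
        table set -subtable iprep $key 1 60
        log local0. "Rejected [IP::client_addr] ($categories)"
    }

    # Drop the connection before any HTTP parsing takes place
    reject
}
```

Repeat connections from the same address within the window are still rejected, just without a fresh log entry.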
Fair enough.
Thanks for your response, mate. Much appreciated.