Forum Discussion

Geoff_Gudgeon_3's avatar
Geoff_Gudgeon_3
Icon for Nimbostratus rankNimbostratus
Mar 02, 2017

IP Reputation and iRule

Hi, Was wondering if I could get some advice on the following iRule that I plan to use to check incoming connections to public facing Virtual Servers. I have confirmed that the F5 in question is ge...
iRules
security
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Mar 02, 2017

    Its your call but I wouldn't bother with a pretty response cause frankly their not worth the effort or the CPU. My version of this is below.

     

     when CLIENT_ACCEPTED {     
   if {[IP::reputation [IP::client_addr]] ne ""} {       
     reject         
   }       
 }

     

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Mar 02, 2017

Its your call but I wouldn't bother with a pretty response cause frankly their not worth the effort or the CPU. My version of this is below.

 

 when CLIENT_ACCEPTED {     
   if {[IP::reputation [IP::client_addr]] ne ""} {       
     reject         
   }       
 }

 

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Mar 02, 2017

    Add a log statement if you want to see whats being rejected and why but otherwise thats what I would use. Just be mindful even a log statement can open you up to denial of service.. what happens of they send you a 100,000 requests in a minute.. how would your BIG-IP cope with a 100,000 log entries?

     

  • Geoff_Gudgeon_3's avatar
    Geoff_Gudgeon_3
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2017

    Fair enough.

     

    Thanks for your response mate. Much appreciated