Forum Discussion

Nimbostratus

Jul 03, 2018

irule Brute Force attack control on SFTP Virtual servers

How do you guys normally deal with Brute Force attack on non HTTP traffic? I can perhaps set up an irule to limit the number of connection by the same IP address, but is there a way to detect how man...

irules

security

boneyard

MVP

Jul 07, 2018

i would expect an irule to do that already exists but i can't find anything.

you will probably need to combine some existing irules.

the one you suggest + something like this: https://devcentral.f5.com/articles/preventing-brute-force-password-guessing-attacks-with-apm%E2%80%93part-4 and ignore the APM parts.

you would create a table with all client IPs and a connection counter, do a counter+1 when an IP makes a connection. then when it reaches some limit block it for an hour and clear the counter.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

irule Brute Force attack control on SFTP Virtual servers

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Connection Rate Limit with log output

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Related Content

iControl REST Cookbook - Virtual Server (ltm virtual)

The Ingress NGINX Alternative: F5 NGINX Ingress Controller for the Long Term

virtual server config

Check a Virtual Server's SSL Status

JWT authorization with NGINX Ingress Controller

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS