Forum Discussion

Deepu2017's avatar
Deepu2017
Icon for Altostratus rankAltostratus
Jun 21, 2018

irule for IP rejection for malicious IPs

Hi All,   I have implemented a irule to reject requests from IP that is tagged as malicious by the IP intelligence module. We have a custom response page built on the app and whenever a traffic t...
ASM Advanced WAF
security
Anesh's avatar
Anesh
Icon for Cirrostratus rankCirrostratus
Jun 22, 2018

create a Data Group [threat_categories_dg] with your reject categories and try the below

when RULE_INIT {
    
    set static::threat_categories_dg "threat_categories_dg"

}

when CLIENT_ACCEPTED {

set client_ip [IP::client_addr]
set threat_categories [IP::reputation $client_ip]

if { [class match $threat_categories contains $static::threat_categories_dg] } {
            { log local0. "Dropping request. VS IP: [IP::local_addr], Client IP: $client_ip, Threat Category: $threat_categories, Country: [whereis $client_ip country]" }
            drop
    }
    
}
Related Content