MrHedgehog
Feb 04, 2025

iRule lookup IP address from remote json endpoint and whitelist source traffic?

I've been tasked with investigating the possibility to whitelist traffic from source IP addresses that are matched against a remote list, implemented as an API endpoint that returns a JSON array of permitted CIDR addresses.

Incoming traffic would arrive on the BIG-IP, the source address would be matched through an iRule that would look up the address against a remote API endpoint containing whitelisted addresses, and if there is a match it would pass the traffic; if not, return unauthorized.

I wanted to see if anyone in the F5 community has tried to implement such a function? The closest post I have come across (from 2007) is here.

I am aware the source data would usually go in a data group, or a remote data group, but I have no way of transferring a remote list onto the F5. Even if I did, that list would have to be updated on a frequent schedule.

I am also aware of the downsides to any approach to have an iRule make a remote call out (blocking, zero data returned, API call made for each connection, etc.) but as I say it is just research at this point. It might well be that it is simply not a feasible task.

Thanks, Will.
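
The lookup described in the question, sketched as an added example in Python; it is not an iRule and not code from the poster or from F5. It caches the endpoint's JSON array of CIDRs so that the remote call is not made for each connection, and it denies traffic when no usable list is available. The names `parse_cidrs`, `CidrAllowlist`, `fetch`, `ttl` and `max_stale` are hypothetical, and the sample body is constructed.

```python
import ipaddress
import json
import time

# Constructed sample of the endpoint's response body (documentation ranges).
SAMPLE_BODY = '["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]'

def parse_cidrs(body):
    """Parse a JSON array of CIDR strings; raise ValueError on anything else."""
    data = json.loads(body)                      # JSONDecodeError is a ValueError
    if not isinstance(data, list):
        raise ValueError("expected a JSON array")
    if not all(isinstance(item, str) for item in data):
        raise ValueError("expected CIDR strings")
    # strict=False tolerates entries with host bits set, e.g. "192.0.2.5/24"
    return [ipaddress.ip_network(item, strict=False) for item in data]

class CidrAllowlist:
    def __init__(self, fetch, ttl=60, max_stale=600, clock=time.monotonic):
        self._fetch = fetch          # hypothetical callable returning the body
        self._ttl = ttl              # seconds between refresh attempts
        self._max_stale = max_stale  # longest a stale list may still be used
        self._clock = clock
        self._nets = []
        self._last_good = None
        self._expires = None         # None forces a fetch on first use

    def _refresh(self, now):
        try:
            self._nets = parse_cidrs(self._fetch())
            self._last_good = now
        except (OSError, ValueError):
            pass                     # keep the last good list for now
        self._expires = now + self._ttl

    def is_allowed(self, source_ip):
        now = self._clock()
        if self._expires is None or now >= self._expires:
            self._refresh(now)
        if self._last_good is None or now - self._last_good > self._max_stale:
            return False             # fail closed: no list, or list too old
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False
        return any(addr in net for net in self._nets)
```
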