Forum Discussion
kend
Oct 14, 2020Altostratus
iRule Syntax to Block IP Address in AFM
I want to write an iRule that will look at the client IP address and block it in AFM based on a data group. Is there any iRule syntax to tell AFM to block the IP or add it to the denied list?
Andrew-F5
Oct 19, 2020Employee
See K10354610: BIG-IP AFM operations guide | Chapter 3: Firewall rules and ACL::action for additional details.
when FLOW_INIT {
if { [class match [IP::client_addr] equals DG] } {
ACL::action drop
}
}
Is there any reason you want to do this specifically within AFM as opposed to just matching the data group and dropping without ever involving AFM?
when FLOW_INIT {
if { [class match [IP::client_addr] equals DG] } {
drop
}
}
- kendOct 19, 2020Altostratus
I wanted to have the ability to add the attacking IP to the denied list for a specified period of time instead of having the iRule have to continuously drop the traffic.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects