I need to create iRule to block client IP if it met below condition : if client try to do attack ex: sql injection 3 times then i want to block this IP for 1 hour and after 1 hour the IP should be unblocked . is it possible to do this?

Hello Blue. You can react to a ASM violation using an iRule. Some examples:https://support.f5.com/csp/article/K15573541https://support.f5.com/csp/article/K37744422 After that you could include that IP into a table variable with one hour of timeout. This table would be checked everytime you receive a request. I did a similar iRule here:https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks?page=6 Regards,Dario.

Forum Discussion

THE_BLUE

Cirrostratus

Dec 29, 2020

iRule to block IP for period of time.

I need to create iRule to block client IP if it met below condition :

if client try to do attack ex: sql injection 3 times

then i want to block this IP for 1 hour and after 1 hour the IP should be unblocked .

is it possible to do this?

1 Reply

Dario_Garrido
Noctilucent
Dec 29, 2020
Hello Blue.

You can react to a ASM violation using an iRule. Some examples:
https://support.f5.com/csp/article/K15573541
https://support.f5.com/csp/article/K37744422

After that you could include that IP into a table variable with one hour of timeout. This table would be checked everytime you receive a request. I did a similar iRule here:
https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks?page=6

Regards,
Dario.