Forum Discussion

gnico's avatar
gnico
Icon for Nimbostratus rankNimbostratus
Nov 08, 2022

Irule to block request from amazonaws.com

Hello, I have an irule to block request from amazonaws.com bad crawlers (millions of requests a day) but my irule doesn't work. Total executions is 0..  Here is the code :      when HTTP_REQUES...
amazonaws
block
host
hostname
irule
security
gnico's avatar
gnico
Icon for Nimbostratus rankNimbostratus

Thank you for your reply.

That I want to get is a property like the Apache remote_host. In my Apache logs, i have millions hits from remote_host ec2-xx-xxx-xxx-xx.eu-west-3.compute.amazonaws.com

They are malicious bots with classical User Agent likeMozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78 and with a lot of differents IP

So, the last and only solution I found is to block them with their remote host. I don't want to use Apache rules. I want to block them before Apache.

Is there a way ?

Thank you

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Nov 08, 2022

Hi gnico , 
      if you recieve millions of hits also if you have Advanced WAF license on your F5 Bigip Appliance 

, I think configuring Bot defense on your F5 will be good workaround. 
Please check this Video : 
https://www.youtube.com/watch?v=zSw4boZmNBA

and monitor traffic from Asm event logs , also keep track your CPU and Memory as well.