Forum Discussion
NimbostratusiRule with Client Detection
Hi guys,
I have a question regarding an iRule which should work as an BFP.
I want to create an iRule which works as an BFP and identifies the user by three parameters:
1) IP_Address 2) User_Agent 3) Platform
For every wrong login attempt the iRule should write these information about the user in a table. If the user fails the authentification 10 times in a row the user should be blocked for a specific time.
Now the Questions: The ASM has an built in Client Detection and I am wondering if I can user this function in the iRule to gather information about the user.
If not, is there any decent way to to save these information in a object or some other datatype which contains all of these information.
I would appreciate if anyone has some hints or solutions regarding this topic.
Thank you very much.
2 Replies
Sequaja_338277My Code right now:
when RULE_INIT { set static::maxloginfailures 10 set static::bantime 200 set static::blacklist_tab "IPBlacklist" set static::userfail_tab "LoginFailures" } when CLIENT_ACCEPTED { set clientip [IP::client_addr] set client_UserAgent [ACCESS::session data get session.user.agent] set client_Platform [ACCESS::session data get session.client.platform] if { [table lookup -subtable $static::blacklist_tab $clientip] == 1 } { reject return } } when AUTH_FAILURE { if {[table lookup -subtable $static::userfail_tab $clientip] > $static::maxloginfailures} then { table set -subtable $static::blacklist_tab $clientip 0 indef $static::bantime table delete -subtable $static::userfail_tab $clientip } if { [table lookup -subtable $static::userfail_tab $clientip] != 1 } then { table set -subtable $static::userfail_tab $clientip 0 indef indef } else { table incr -subtable $static::userfail_tab $clientip } } when AUTH_Success { table delete -subtable $static::userfail_tab $clientip }
Stanislas_Piro2Cumulonimbus
Hi,
What product are you using?
In the irule, you use APM commands but not APM events!
