MSM iRule Customization

Question

Has anyone worked with MSM (Message Security Module)? We seem to be at the mercy of the "Trusted Source" database and would like to whitelist a group of IP addresses for our customers that "Secure Computing" currently catagorizes as Malicious. 
&nbsp;  
&nbsp; Is there any way to alter the MSM iRule to allow for a customizable whitelist of IPs that we consider to be safe, regardless of what Trusted Source reports?

nicolas_menant · Answer

Hi,   
    
  I wouldn't recommend to modify the iRule provided with MSM or you will lose support on it.   
    
  Instead i would recommend to configure a new iRule that will be triggered before and do your checking.   
    
  Here is an example to handle a white list and a black list:

when CLIENT_ACCEPTED {  
    if { [matchclass [IP::client_addr] equals $::white_list] } {  
    log local0. "client: [IP::client_addr] found in white_list directed to http_test_pool"  
  pool http_test_pool  
  event disable all  
    }  
    elseif { [matchclass [IP::client_addr] equals $::black_list] } {  
      log local0. " client: [IP::client_addr] found in black_list directed to http_test_pool_2"  
  pool http_test_pool_2   
              or discard  
  event disable all  
    }  
  }

You just need to specify this iRule in your VS before the MSM one  
    
  HTH

Forum Discussion

MSM iRule Customization

Recent Discussions

Can F5 be in Bridge Mode or a L2 DDOS to protect from L3-L4 DDOS attack

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

Related Content

MSM Bypass

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Protecting APIs with Access Policy Manager and custom iRules

Customer Edge Site High Availability for Application Delivery - Reference Architecture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS