Forum Discussion

Nimbostratus

Sep 25, 2014

Per-IP rate limiting for non-matching IPs

I wrote an iRule that 403'ed any requesting IPs that did NOT match a class of IPs. rule filter_clients_rule { when HTTP_REQUEST { if { [matchclass [IP::client_addr] equals $::MySelfDefined_Netw...

ASM Advanced WAF

security

Stewart

Altostratus

Sep 26, 2014

You could do something like this assuming your default pool is "regular-site-pool" and you'd need to create the rate class "non-matching-IPs as well:

rule filter_clients_rule { when HTTP_REQUEST { if { [matchclass [IP::client_addr] not $::MySelfDefined_Network_class] } { rateclass non-matching-IPs } } }

This isn't using ASM though.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Per-IP rate limiting for non-matching IPs

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

AI Token Limit Enforcement

Rate limiting WebSocket messages for Agents

F5 BIG-IP deployment with OpenShift - per-application 2-tier deployments

F5 BIG-IP per application Red Hat OpenShift cluster migrations

BIG IP DNS - Queries Per Second

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS