For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

steven_singer_8's avatar
steven_singer_8
Icon for Nimbostratus rankNimbostratus
Sep 25, 2014

Per-IP rate limiting for non-matching IPs

I wrote an iRule that 403'ed any requesting IPs that did NOT match a class of IPs. rule filter_clients_rule { when HTTP_REQUEST { if { [matchclass [IP::client_addr] equals $::MySelfDefined_Netw...
ASM Advanced WAF
security
Stewart's avatar
Stewart
Icon for Altostratus rankAltostratus
Sep 26, 2014

You could do something like this assuming your default pool is "regular-site-pool" and you'd need to create the rate class "non-matching-IPs as well:

rule filter_clients_rule { when HTTP_REQUEST { if { [matchclass [IP::client_addr] not $::MySelfDefined_Network_class] } { rateclass non-matching-IPs } } }

`

This isn't using ASM though.