For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

aelkosairy_1840's avatar
aelkosairy_1840
Icon for Nimbostratus rankNimbostratus
Dec 02, 2015

redirect all the attack traffic to specific destination

Dears , I need someone help me in specific objective , I need IRule allow to F5 to redirect all the malicious traffics to specific destination instead of Block or Deny the traffic , so F5 only detec...
ASM Advanced WAF
iRules
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Dec 02, 2015

You can achieve this with a simple iRule.

First you need to set up a pool which has a pool member which is the destination (IP address and port) where you need to send the malicious traffic.

If you are not going to display a blocking page then you can keep your violations on "Alarm" instead of "Block". Then use an iRule like this one:

when ASM_REQUEST_DONE
 {
    if { [ASM::status] equals "alarmed" } {
            log local0.debug "Request: [HTTP::method] [HTTP::uri] raised ASM violations and was sent to malicious traffic pool"

            send traffic to malicious traffic pool
            pool malicious_traffic_destination_pool         
        }
}

Hope this helps,

Sam