F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ccraddock_33000's avatar
ccraddock_33000
Icon for Nimbostratus rankNimbostratus
Feb 19, 2019

Restrict inbound API calls using iRule

Dear Dev Central,   We have an externalized "API service" LTM VS that we use for various external service providers to send us call back receipts (Email, Fax, SMS etc). We want to restrict who can...
BIG-IP
iRules
security
Dave_McCauley_3's avatar
Dave_McCauley_3
Icon for Cirrostratus rankCirrostratus
Feb 19, 2019

What part of the environment are you trying to protect? DDoS protection is more complicated than blocking certain clients/requests. For example, is it that the backend servers can't handle the load, or the ISP is the limiting factor, or the SSL TPS of the BIG-IP? LTM/AFM can do the L3/L4 blocking, ASM can do L7. Silverline can do the cloud scrubbing.

 

ASM can parse the JSON by creating a content profile and you can then act on the key/values of the JSON, limit metacharacters, scrub data for logs, etc. And it can also rate limit at the L7 level to block certain types of attacks. An iRule can also do L7 stuff like you mentioned, dropping/resetting/responding with custom responses based on URI's, headers, POST data, etc.