URI-based Blocking vs. IP-based Ban in irules

Hi mervesassmaz​ 

While iRules are powerful I do think AWAF + Bot protection is better suited for this type of protection.  The contact-us endpoint is likely more prone to injection type, spam and abuse  attacks and less likely from brute-force as its not accepting logins etc.   Within iRules you can implement rate limiting but you would need the table command to keep track of IP's, this could get costly memory wise especially if your getting spammed by hundreds/thousands of source IP's.  Also you will have to clear entries to protect the BIG-IP memory and not have a table size growing exponentially.  Using an iRule solely  to handle protections and  false positives is not optimal (IMO).  I'd be curious to hear what others think.