Forum Discussion
URI-based Blocking vs. IP-based Ban in irules
Hi mervesassmaz
While iRules are powerful I do think AWAF + Bot protection is better suited for this type of protection. The contact-us endpoint is likely more prone to injection type, spam and abuse attacks and less likely from brute-force as its not accepting logins etc. Within iRules you can implement rate limiting but you would need the table command to keep track of IP's, this could get costly memory wise especially if your getting spammed by hundreds/thousands of source IP's. Also you will have to clear entries to protect the BIG-IP memory and not have a table size growing exponentially. Using an iRule solely to handle protections and false positives is not optimal (IMO). I'd be curious to hear what others think.
- Nikoolayy1Jun 08, 2026
MVP
Also IP intelligence/reputation will be a nice addition to this.
- Juergen_MangJun 09, 2026
MVP
I always find threat campaigns more useful than IPI, but this is another topic.
- Daniel_WolfJun 09, 2026
MVP
I think XC Bot Defense is the state of the art solution for this kind of attack. It can be deployed either as a Service or hybrid with BIG-IP (YT: F5 Distributed Cloud Bot Defense with Native Integration).
The Bot Defense that comes with BIG-IP AWAF has it's limitations with modern attacks. The signature-based approach will fend off script kiddies, the JS injection approach doesn't work well with some modern applications/frameworks.
Solely IP-based blocking is dead. Serious attackers will change IP addresses faster than I can say "F5". Geo-Location blocking is still effective, but I would only use it proactively, while under attack. Not all the time.- Jeff_GranieriJun 09, 2026
Employee
Agree Daniel, I didn't bring XC to this conversation specifically because the conversation started with iRules(BIG-IP). 100% XC Bot Defense is best suited for this and even AI enabled WAF in XC 🙂
- PauliusJun 09, 2026
MVP
I agree with everyone else on this, going with an iRule as the solution here isn't the best option.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com