VPN detection

Question

Hello.
I Received such from from marketing guy, for working with content providers:&nbsp;
Solution for VPN/Anonymous Proxy detection?  This functionality is a mandatory requirement for all IP distribution of content.&nbsp;
Can I it implement in F5, and how? &nbsp;

youssef1 · Answer

Hello mykola.&nbsp;
Yes. When you set up a vpn (full or split vpn) you have the availability to force all user to pass through your proxy and it's very simple to do it.&nbsp;
You can set transparently proxy or proxy pac to users.&nbsp;
https://devcentral.f5.com/questions/vpn-and-proxy-setting&nbsp;
Let me know if you need details .&nbsp;
Regards&nbsp;

stanislas_piro2 · Answer

The IP Intelligence subscription can help you to block these types of connections. (source 
P Intelligence Service Datasheet)&nbsp;

The IP Intelligence service identifies and blocks IP addresses associated with a variety of threat sources, including:&nbsp;
Windows exploits: Includes active IP addresses offering or distributing malware, shell code, rootkits, worms, or viruses.&nbsp;
Web attacks: Includes cross-site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force.&nbsp;
Botnets: Includes botnet command and control channels and infected zombie machines controlled by the bot master.&nbsp;
Scanners: Includes all reconnaissance, such as probes, host scan, domain scan, and password brute force.&nbsp;
Denial of service: Includes DoS, DDoS, anomalous SYN  flood, and anomalous traffic detection.&nbsp;
Reputation: When enabled, denies access to IP addresses currently known to be infected with malware or to contact malware distribution points.&nbsp;
Phishing: Includes IP addresses hosting phishing sites or other kinds of fraud activities, such as click fraud or gaming fraud.&nbsp;
Proxy: Includes IP addresses providing proxy and anonymization services, as well as The Onion Router (TOR) anonymizer addresses.&nbsp;

sebomb · Answer

Good evening.We had similar requirement in our application to block all VPN traffic. We had IP Intelligence (IPI) setup via our Application Security Manager.It seems to work well for preventing automated exploit attempts but it was not effective for VPN Detection. As a workaround solution for now we have been using https://focsec.com/ VPN IP Database as a blocklist feed... so far it has been working great&nbsp;

aidoon311 · Answer

In my opinion https://banproxy.com has one of the best VPN and Proxy detection. I am using it on a game server where a lot of VPN users are joining. 99% of them get blocked, which is a very good rate

Forum Discussion

VPN detection

4 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

Related Content

Salesloft Drift, VPNs and Roundup

F5 Distributed Cloud JA4 detection for enhanced performance and detection

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS