VPN detection

Question

Hello.
I Received such from from marketing guy, for working with content providers:&nbsp;
Solution for VPN/Anonymous Proxy detection?  This functionality is a mandatory requirement for all IP distribution of content.&nbsp;
Can I it implement in F5, and how? &nbsp;

youssef1 · Answer

Hello mykola.&nbsp;
Yes. When you set up a vpn (full or split vpn) you have the availability to force all user to pass through your proxy and it's very simple to do it.&nbsp;
You can set transparently proxy or proxy pac to users.&nbsp;
https://devcentral.f5.com/questions/vpn-and-proxy-setting&nbsp;
Let me know if you need details .&nbsp;
Regards&nbsp;

stanislas_piro2 · Answer

The IP Intelligence subscription can help you to block these types of connections. (source 
P Intelligence Service Datasheet)&nbsp;

The IP Intelligence service identifies and blocks IP addresses associated with a variety of threat sources, including:&nbsp;
Windows exploits: Includes active IP addresses offering or distributing malware, shell code, rootkits, worms, or viruses.&nbsp;
Web attacks: Includes cross-site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force.&nbsp;
Botnets: Includes botnet command and control channels and infected zombie machines controlled by the bot master.&nbsp;
Scanners: Includes all reconnaissance, such as probes, host scan, domain scan, and password brute force.&nbsp;
Denial of service: Includes DoS, DDoS, anomalous SYN  flood, and anomalous traffic detection.&nbsp;
Reputation: When enabled, denies access to IP addresses currently known to be infected with malware or to contact malware distribution points.&nbsp;
Phishing: Includes IP addresses hosting phishing sites or other kinds of fraud activities, such as click fraud or gaming fraud.&nbsp;
Proxy: Includes IP addresses providing proxy and anonymization services, as well as The Onion Router (TOR) anonymizer addresses.&nbsp;

sebomb · Answer

Good evening.We had similar requirement in our application to block all VPN traffic. We had IP Intelligence (IPI) setup via our Application Security Manager.It seems to work well for preventing automated exploit attempts but it was not effective for VPN Detection. As a workaround solution for now we have been using https://focsec.com/ VPN IP Database as a blocklist feed... so far it has been working great&nbsp;

aidoon311 · Answer

In my opinion https://banproxy.com has one of the best VPN and Proxy detection. I am using it on a game server where a lot of VPN users are joining. 99% of them get blocked, which is a very good rate

Forum Discussion

VPN detection

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

F5 Health Monitor Receive String as JSON

Cloudflare True-Client-IP as Persistence

Should config via cli rather than gui?

Get actual client ips in splunk

Related Content

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Operationlizing Online Fraud Detection, Prevention, and Response

Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS