Forum Discussion

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous

IP intelligence uses a mutiple sources which are aggregated. One is the feed list the other is the service from Brightcloud. A feed is a simple comma-separated value (CSV) file. The file contains four comma-separated values per line. They are IP address, netmask, type and category. The last three are optional and will use defaults specified when you added the feed. Here is an example

10.0.0.2,32,bl,spam_sources
10.0.0.3,,wl,
10.10.0.12,,botnets
10.0.0.12,,,
10.0.0.13,,bl,

In the first line we have the address 10.0.0.2 with a /32 netmask. This is a blacklist item as specified by "bl" and the category is spam_sources. This list format is plain text. Store the file on a webserver and refer to it using the full URL. I am not aware of a on-box IP intelligence whitelist for AFM in 11.6.0. More information can be found here.

John_Beckmann's avatar
John_Beckmann
Icon for Employee rankEmployee
Feb 15, 2017

You can use the following iRule to create a feedlist on one of your VS:-

when RULE_INIT {
set static::MY_WL {
10.0.0.2,32,bl,spam_sources,
10.0.0.3,,wl,
10.10.0.12,,botnets,
10.0.0.12,,,
10.0.0.13,,bl,,}
}
when HTTP_REQUEST {
  if { [HTTP::uri] eq "/My_White_List.html" } {
    HTTP::respond 200 content $static::MY_WL
  }
}

You then just create a Feedlist:-

http(s)://My_White_List.html