Forum Discussion
Whitelist Override Ip Intelligence
IP intelligence uses a mutiple sources which are aggregated. One is the feed list the other is the service from Brightcloud. A feed is a simple comma-separated value (CSV) file. The file contains four comma-separated values per line. They are IP address, netmask, type and category. The last three are optional and will use defaults specified when you added the feed. Here is an example
10.0.0.2,32,bl,spam_sources
10.0.0.3,,wl,
10.10.0.12,,botnets
10.0.0.12,,,
10.0.0.13,,bl,
In the first line we have the address 10.0.0.2 with a /32 netmask. This is a blacklist item as specified by "bl" and the category is spam_sources. This list format is plain text. Store the file on a webserver and refer to it using the full URL. I am not aware of a on-box IP intelligence whitelist for AFM in 11.6.0. More information can be found here.
Hi, this iRule allows you to have a dynamic feed list populated with datagroups (ipi_wl and ipi_wl in my case).So you can add/remove white(black)listed ip/subnets. You have to add a new feed pointing to the VS that is hosting the feed (/whitelist.html) and (/blacklist.html). It is not optimized but it works:
when RULE_INIT {
set datagroup names for whitelist and blacklist
set static::dgroup_whitelist "ipi_wl"
set static::dgroup_blacklist "ipi_bl"
}
switch -glob [string tolower [HTTP::uri]] {
"/whitelist*" {
set class_name $static::dgroup_whitelist
set id [class startsearch $class_name]
set whitelist ""
Loop through the class row by row
while {[class anymore $class_name $id]}{
set element [class nextelement $class_name $id]
set ipadd [lindex [split [lindex [split $element " "] 0] "/"] 0]
set mask [lindex [split [lindex [split $element " "] 0] "/"] 1]
set entry [concat $ipadd,$mask,,]
set whitelist [concat $whitelist\r\n$entry]
}
Clean up the search
class donesearch $class_name $id
HTTP::respond 200 content $whitelist
}
"/blacklist*" {
set class_name $static::dgroup_blacklist
set id [class startsearch $class_name]
set blacklist ""
Loop through the class row by row
while {[class anymore $class_name $id]}{
set element [class nextelement $class_name $id]
set ipadd [lindex [split [lindex [split $element " "] 0] "/"] 0]
set mask [lindex [split [lindex [split $element " "] 0] "/"] 1]
set entry [concat $ipadd,$mask,,]
set blacklist [concat $blacklist\r\n$entry]
}
Clean up the search
class donesearch $class_name $id
HTTP::respond 200 content $blacklist
}
default { HTTP::respond 200 content "IP Intelligence Feed List Virtual Server Available" }
}
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com