Block IP Addresses With Data Group And Log Requests On ASM Event Log

Problem this snippet solves: This is Irule which will block IP Addresses that are not allowed in your organization. instead of adding each IP Address in Security ›› Application Security : IP Addre...
Published Feb 17, 2019
Version 1.0
ASM Advanced WAF
iRules
security
Super-NetOps
renaranj2024's avatar
renaranj2024
Icon for Nimbostratus rankNimbostratus

It's missing this step: Security>>Application Security: Policy Building:Learning and Blocking Settings

search for Custom Violations section and enable Alarm and Block settings for the just created violation Illegal_IP_Address.

Tested on version 16.1.4.x

1982's avatar
1982
Icon for Nimbostratus rankNimbostratus
Apr 24, 2024

renaranj2024 is possible to create a new how-to using your version?

  • renaranj2024's avatar
    renaranj2024
    Icon for Nimbostratus rankNimbostratus
    Apr 24, 2024

    Use this procedure and add the two steps I wrote. 

    The Code works fine. Use you datagroup name and custom violation name.

    • 1982's avatar
      1982
      Icon for Nimbostratus rankNimbostratus
      Apr 24, 2024

      Ok, I'll try to use it, the same code from the example, my concern is blocking everything, not just the Black_list IPs, but all sources.