DDoS Reporting iApp & iRule
Problem this snippet solves:
When under DDoS, it can be difficult to set the ASM DoS profile correctly and to work out which URL, geographic areas etc are in use.
With this iApp and iRule you can assign an iRule to create a report and see the state easily and in an exportable manner.
A control menu is available for tuning sampling on and off, sampling rate is varied according to CPU rate so this should be safe to use when under attack.
The report shows RPS based on IP, URL, Country and User Agent and shows both tables and graphs. Tables allow searching, paging and limiting number of entries. Graphs can be exported in different formats eg PNG, JPG, SVG, PDF etc.
How to use this snippet:
This iRule and iApp will enable an iRule to be added to the virtual server and provide a report directly by navigating to the virtual server and the random URL.
The Virtual Server requires an http profile to be assigned.
Install the iApp and run it to set variables and create the iRule, or add the iRule and set the variables.
Navigate to the virtual server on which it is applied and go to the URL as specified in the random variable eg https://1.2.3.4/6123. This will show the menu to turn sampling on or off and view the report.
Code :
90966
Tested this on version:
11.6