For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

GeoLocation and IP Reputation Query

Problem this snippet solves:

Usage:

**http**://VS_IP/**geo?**{IPv4_TO_TEST | IPv6_TO_TEST}

Examples:
http://10.100.89.100/geo?8.8.8.8
http://10.100.89.100/geo?199.19.105.220
http://10.100.89.100/geo?2a02:DB8::45

How to use this snippet:

iRule Source

https://github.com/ArtiomL/f5networks/tree/master/irules/geo-query

Sample Output

IP: 199.19.105.220

GeoLocation Data
Continent: NA
Country: US
State: Texas
ISP: Network operations center inc.
Org: Volumedrive

IP Reputation: Scanners Proxy

Code :

#!iRule
# F5 Networks - iRule: GeoLocation and IP Reputation Query
# https://github.com/ArtiomL/f5networks
# Artiom Lichtenstein
# v1.7, 21/07/2016
#
# Usage:
# http://VS_IP/geo?{IPv4_TO_TEST | IPv6_TO_TEST}
#
# Examples:
# http://10.100.89.100/geo?8.8.8.8
# http://10.100.89.100/geo?199.19.105.220
# http://10.100.89.100/geo?2a02:DB8::45

when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/geo" } {
set str_GEO_RESPONSE "Please Enter IPv4 / IPv6 Address:"
set str_IP_ADDR [substr [HTTP::uri] 5]
if { ![catch {IP::addr $str_IP_ADDR mask 255.255.255.255}] } {
 log local0.info "IP: $str_IP_ADDR"
set str_GEO_RESPONSE "IP: $str_IP_ADDR

GeoLocation Data"
array set arr_GEO_DATA {
aContinent 0
bCountry 0
cState 0
dCity 0
eZIP 0
fArea_Code 0
gLatitude 0
hLongitude 0
iISP 0
jOrg 0
}
set lst_SORTED_ARR [lsort [array names arr_GEO_DATA]]

foreach i $lst_SORTED_ARR {
set str_GEO_FIELD [substr $i 1]
set arr_GEO_DATA($i) [whereis $str_IP_ADDR [string tolower $str_GEO_FIELD]]
if { ([string length $arr_GEO_DATA($i)]) && ($arr_GEO_DATA($i) ne "0") } {
set str_GEO_RESPONSE [concat $str_GEO_RESPONSE "
$str_GEO_FIELD:" [string toupper $arr_GEO_DATA($i) 0 0]]
 log local0.info "$str_GEO_FIELD: $arr_GEO_DATA($i)"
}
}

set lst_IP_REP [IP::reputation $str_IP_ADDR]
if { [llength $lst_IP_REP] == 0 } { set lst_IP_REP "Good" }
else {
 log local0.info "IP Reputation: $lst_IP_REP"
set lst_IP_REP [concat "" $lst_IP_REP ""]
}
set str_GEO_RESPONSE [concat $str_GEO_RESPONSE "

IP Reputation:" $lst_IP_REP]
}

HTTP::respond 200 content [subst {


F5 GeoLocation





$str_GEO_RESPONSE







}]
}
}

Tested this on version:

12.0
Published Mar 17, 2015
Version 1.0
application delivery
devops
iRules
reporting
No CommentsBe the first to comment