F5’s Sexiest Security iRules

#infosec #ddos

It’s amazing what people come up with when they have the ability to inspect and change data in transit with a real scripting language. Over the last couple of years, as more and more organizations have been transferring security responsibility to their BIG-IPs, we’ve seen some really clever security-focused iRules that are worth sharing.

In celebration of National Cyber-Security Awareness Month, the DevCentral team has hand-picked a selection of the best security iRules from the last couple of years to showcase the ingenuity of the DevCentral community and the power of deploying security intelligence at the strategic point of control in the ADN.

To be honest, we argued about the final list for some time, mostly because there were so many good ones to choose from. We discarded a few because, while amazing, they were too esoteric to really be “digestible” to a larger audience. The final set is a great representation of four different security categories.

1. Protect against Targeted Attacks. Included in this set is one of the most downloaded and discussed security iRules ever. The HashDos Defender (contributed by Simon Kowallik) shows how to defend Ruby, PHP, ASP.NET, Java, Apache, Python – basically every web platform in use today – with a single iRule.

2. Control Access to Resources. My favorite among these is the HTTP request throttling iRule. DDoS attackers have been getting smarter and are using POST attacks to bypass SDNs and caches. While not a perfect solution, throttling the POSTs at the BIG-IP can be a basic form of control to keep your servers up during an attack.

3. Safeguard Sensitive Information. The Credit Card Tokenization iRule shows how to reduce the scope of PCI audits. Yes, it’s true, sometimes people think of audits as a threat surface. The amazing thing about this iRule is that it has the potential to remove everything except the BIG-IP and the edge router from the PCI scope. Think about how much paperwork it “defends.”

4. Improve DNS Security. Now that F5’s Global Traffic Manager product has received full iRules support, the community is inserting clever, and sometimes devastatingly simple, iRules that improve security posture. Here we feature three that tweak both incoming and outgoing traffic with DNS blackhole listing.
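
To make the POST throttling idea from item 2 concrete, here is a minimal per-client throttle written for this article as an added example; it is not the DevCentral community iRule referred to above. The limit, the window length, and the table names `post_rate:` and `post_seq:` are assumptions chosen for illustration.

```tcl
# Added example (not the community iRule): throttle POSTs per client IP.
# All thresholds and table names below are illustrative assumptions.
when RULE_INIT {
    set static::post_limit  20   ;# max POSTs per client per window (assumed)
    set static::post_window 10   ;# window length in seconds (assumed)
}

when HTTP_REQUEST {
    # Only POSTs are throttled; other methods pass through untouched.
    if { [HTTP::method] ne "POST" } { return }

    set client [IP::client_addr]
    set tbl "post_rate:$client"

    # Each recent POST is one entry in a per-client subtable, so the
    # entry count is the number of POSTs still inside the window.
    set seen [table keys -subtable $tbl -count]

    if { $seen >= $static::post_limit } {
        # Reject at the BIG-IP so the request never reaches a pool member.
        log local0.warn "POST throttle: $client reached $seen POSTs in ${static::post_window}s"
        HTTP::respond 429 content "Too many requests\r\n" \
            "Retry-After" $static::post_window "Connection" "close"
        return
    }

    # Record this POST under a unique key. Timeout and lifetime are both
    # set to the window so the entry expires even if it is touched again.
    set id [table incr "post_seq:$client"]
    table set -subtable $tbl $id 1 $static::post_window $static::post_window
}
```

Clients that share one source address, such as users behind a NAT or proxy, share one counter, so the limit has to be sized for the largest legitimate group. Logging every rejected request can itself become a load problem during a flood, so consider sampling or rate limiting the log line in production.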

As 2012 comes to a close, the DevCentral community has over 100,000 members. Among this group are the most ardent supporters of F5 iRules technology, because it gives them the power and flexibility to create the security solutions that they need when nothing else will do.

Published Oct 29, 2012
Version 1.0
