on 26-Dec-2021 05:44
Problem this snippet solves:
iRule that helps to mitigate the Log4j vulnerability by using publicly available IOCs. Currently the following IOCs can be used:
cert-agid.gov.it (contains scanner IPs): https://cert-agid.gov.it/download/log4shell-iocs.txt
NLD Police: https://thanksforallthefish.nl/log4j_blocklist.txt
These IOCs combined will result in about 25191 IP addresses being blocked.
The plan is to add some more IOCs soon.
Last update: 27 December 2021
How to use this snippet:
This solution makes use of iRulesLX. So first of all you need to provision iRulesLX on your BIG-IP. Then proceed to add the LX Workspace, iRule and Extension.
Install the required NodeJS modules. Use SSH to log in to your BIG-IP and install the https and lokijs modules:
# cd /var/ilx/workspaces/Common/log4j_ioc/extensions/log4j_ioc_extension
# npm install https lokijs --save
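To show what the extension has to do with the downloaded lists, here is an added example in plain Node.js; it is not the snippet's own code. It assumes the feeds are plain text with one IPv4 address per line (blank lines and "#" comments ignored), replaces the lokijs store with an in-memory Set, and leaves out the ILX plumbing that connects it to the iRule, so it runs stand-alone with node. The sample feeds are constructed from RFC 5737 documentation addresses, not real IOCs.

```javascript
'use strict';
// Added example (not the snippet's own code): parse public IOC blocklists
// (one IPv4 per line, '#' comments and blank lines ignored) into a set and
// look client addresses up against it. The real snippet keeps the lists in
// lokijs and is called from an iRule via ILX; both are omitted here.

const IPV4_RE =
  /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

// Parse blocklist text into a Set of valid IPv4 strings. Malformed lines are
// counted so an operator notices a changed feed format instead of the BIG-IP
// silently blocking nothing.
function parseBlocklist(text) {
  const ips = new Set();
  let skipped = 0;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, '').trim(); // strip trailing comments
    if (line === '') continue;
    if (IPV4_RE.test(line)) ips.add(line);
    else skipped++;
  }
  return { ips, skipped };
}

// Merge several parsed feeds (the snippet combines two of them); duplicates
// across feeds are stored once.
function mergeBlocklists(...lists) {
  const merged = new Set();
  for (const { ips } of lists) for (const ip of ips) merged.add(ip);
  return merged;
}

// Decision the iRule would ask for: should this client address be rejected?
function isBlocked(blocklist, clientIp) {
  return blocklist.has(String(clientIp).trim());
}

// Constructed sample feeds (RFC 5737 documentation addresses, not real IOCs).
const SAMPLE_FEED_A = `# constructed feed A
192.0.2.10
192.0.2.11
not-an-ip
`;
const SAMPLE_FEED_B = `198.51.100.5 # constructed feed B
192.0.2.10
`;

// Load both constructed feeds and run a couple of lookups.
function demo() {
  const a = parseBlocklist(SAMPLE_FEED_A);
  const b = parseBlocklist(SAMPLE_FEED_B);
  const merged = mergeBlocklists(a, b);
  return {
    size: merged.size,                 // 3: 192.0.2.10 is counted once
    skipped: a.skipped + b.skipped,    // 1: the "not-an-ip" line
    blocked: isBlocked(merged, '198.51.100.5'),
    allowed: !isBlocked(merged, '203.0.113.1'),
  };
}

console.log(demo());
```

Whatever store you use on the BIG-IP, keep the `skipped` count visible in the extension's log: a feed that changes format or starts returning an HTML error page parses to zero addresses, and the only difference from a working deployment is that counter.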
Tested this on version:
15.1