Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

DDoS Reporting iApp & iRule

PeteWhite
F5 Employee
F5 Employee

on ‎21-Nov-2018 03:43

Problem this snippet solves:

When under DDoS, it can be difficult to set the ASM DoS profile correctly and to work out which URL, geographic areas etc are in use.

With this iApp and iRule you can assign an iRule to create a report and see the state easily and in an exportable manner.

A control menu is available for tuning sampling on and off, sampling rate is varied according to CPU rate so this should be safe to use when under attack.

The report shows RPS based on IP, URL, Country and User Agent and shows both tables and graphs. Tables allow searching, paging and limiting number of entries. Graphs can be exported in different formats eg PNG, JPG, SVG, PDF etc.

How to use this snippet:

This iRule and iApp will enable an iRule to be added to the virtual server and provide a report directly by navigating to the virtual server and the random URL.

The Virtual Server requires an http profile to be assigned.

Install the iApp and run it to set variables and create the iRule, or add the iRule and set the variables.

Navigate to the virtual server on which it is applied and go to the URL as specified in the random variable eg https://1.2.3.4/6123. This will show the menu to turn sampling on or off and view the report.

0151T000003d9DiQAI.PNG

0151T000003d9DjQAI.PNG 0151T000003d9DkQAI.PNG 0151T000003d9DlQAI.PNG 0151T000003d9DmQAI.PNG 0151T000003d9DnQAI.PNG 0151T000003d9DoQAI.PNG 0151T000003d9DpQAI.PNG 0151T000003d9DqQAI.PNG

Code :

90966

Tested this on version:

11.6
Labels:
irule_ddos_report_v1
0 Kudos
Version history
Last update:
‎21-Nov-2018 03:43
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC