20-Apr-2021 00:21
20-Apr-2021 01:36 - last edited on 04-Jun-2023 20:57 by JimmyPackets
You can attach an iRule to the HTTP VIP to reject the traffic coming from the scanning tool.
Using a data group:
when CLIENT_ACCEPTED {
    # Reject the connection if the client address is listed in the data group scanner_ip
    if { [class match [IP::client_addr] equals scanner_ip] } {
        reject
    } else {
        return
    }
}
Using an IP address within the iRule:
when CLIENT_ACCEPTED {
    # Replace <scannerip> with the address of the scanning tool
    if { [IP::addr [IP::client_addr] equals <scannerip>] } {
        reject
    } else {
        return
    }
}
22-Apr-2021 00:13
In this case, how does the F5 know that this is a legitimate request and not a port scan?
22-Apr-2021 00:38
Well, you need to explicitly add the IP addresses of the scanning tool to the data group "scannerip" or define them in the iRule itself.
20-Apr-2021 06:04
You can redirect the request from port 80 to port 443.
(HTTP::redirect ...)
22-Apr-2021 00:12
This way does not prevent the F5 from answering on port scanning.
22-Apr-2021 00:56
Sorry. Wrong question.